OpenShift Bugs / OCPBUGS-77180

Ansible-Operator requires more frequent CVE updates

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • 4.20
    • Operator SDK
    • Critical

      Description of problem:

      A partner using Ansible-Operator is not seeing frequent security/CVE updates.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      Cisco ACI uses the UBI-based images from the Operator Framework Quay repository, not the ones in our Red Hat Catalog:

      For RHEL 9-based UBI: https://catalog.redhat.com/software/containers/openshift4/ose-ansible-rhel9-operator/6527e49eadb44b09d465a57b

      Cisco ACI is currently blocked by the number of CVEs shown against their Ansible-Operator image: https://quay.io/repository/operator-framework/ansible-operator?tab=tags

      Quay shows the image as last modified 3 months ago, with the following findings:

      Advisory | Severity | Package | Current version | Fixed in version | Introduced in layer
      GHSA-38jv-5279-wg99 | High | urllib3 | 2.5.0 | 2.6.3 | COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages # buildkit
      GHSA-gm62-xv2j-4w53 | High | urllib3 | 2.5.0 | 2.6.0 | COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages # buildkit
      GHSA-2xpw-w6gg-jr37 | High | urllib3 | 2.5.0 | 2.6.0 | COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages # buildkit
      CVE-2025-15467 | High | openssl-libs | 1:3.5.1-4.el9_7 | 1:3.5.1-7.el9_7 | LABEL "architecture"="ppc64le" "vcs-type"="git" "vcs-ref"="f7f5876a3d86ded473c14b11d7491c2b6ddf39ce" "org.opencontainers.image.revision"="f7f5876a3d86ded473c14b11d7491c2b6ddf39ce" "build-date"="2025-11-17T06:52:24Z" "release"="1763362218"org.opencontainers.image.revision=f7f5876a3d86ded473c14b11d7491c2b6ddf39ce
      GHSA-r6ph-v2qm-q3c2 | High | cryptography | 46.0.1 | 46.0.5 | COPY /usr/local/lib64/python3.12/site-packages /usr/local/lib64/python3.12/site-packages # buildkit
      GHSA-8rrh-rw8j-w5fx | High | wheel | 0.45.1 | 0.46.2 | COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages # buildkit
      CVE-2025-59375 | High | expat | 2.5.0-5.el9_6 | 0:2.5.0-5.el9_7.1 | RUN |2 TARGETARCH=ppc64le GIT_COMMIT=devel /bin/sh -c set -e && microdnf clean all && rm -rf /var/cache/dnf/* && microdnf update -y && microdnf install -y python3.12 && microdnf clean all && rm -rf /var/cache/dnf # buildkit
      GHSA-63vm-454h-vhhq | High | pyasn1 | 0.6.1 | 0.6.2 | COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages # buildkit

      Actual results:

      Expected results:

      Additional info:

              Mytreya Kasturi
              Antonios Dakopoulos
              Jia Fan