Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: quay-v3.7.2
Affects Version/s: quay-v3.7.0
Component/s: quay
Labels:
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False

RICE Score:
0

Target Version:

quay-v3.7.2

SFDC Cases Links:
SFDC Cases Counter:

Description:

This is security vulnerability issue found in Quay 3.7.0 images used by Quay Operator, the following is the list, pls review.

Quay 3.7.0 operator bundle image: quay-operator-bundle-container-v3.7.0-129

Quay Postgres Image:

Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl' (version 1:1.1.1k-5.el8_5.x86_64) in container 'postgresql', resolved by version 1:1.1.1k-6.el8_5 

Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl-libs' (version 1:1.1.1k-5.el8_5.x86_64) in container 'postgresql', resolved by version 1:1.1.1k-6.el8_5

Quay Redis Image:

Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl-libs' (version 1:1.1.1k-5.el8_5.x86_64) in container 'redis', resolved by version 1:1.1.1k-6.el8_5

Quay Image:

Fixable RHSA-2022:1676 (CVSS 7.1) (severity Important) found in component 'gzip' (version 1.9-12.el8.x86_64) in container 'registry-server', resolved by version 0:1.9-13.el8_4

Quay Image:quay-operator-bundle-container-v3.7.0-129

Vulnerability reported by ACS: