Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-3802

Quay 3.7.0 image vulnerability reported by Redhat ACS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • quay-v3.7.2
    • quay-v3.7.0
    • quay
    • False
    • None
    • False

      Description:

      This is security vulnerability issue found in Quay 3.7.0 images used by Quay Operator, the following is the list, pls review.

      Quay 3.7.0 operator bundle image: quay-operator-bundle-container-v3.7.0-129

      Quay Postgres Image:

      Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl' (version 1:1.1.1k-5.el8_5.x86_64) in container 'postgresql', resolved by version 1:1.1.1k-6.el8_5 
      
      Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl-libs' (version 1:1.1.1k-5.el8_5.x86_64) in container 'postgresql', resolved by version 1:1.1.1k-6.el8_5

      Quay Redis Image:

      Fixable RHSA-2022:1065 (CVSS 7.5) (severity Important) found in component 'openssl-libs' (version 1:1.1.1k-5.el8_5.x86_64) in container 'redis', resolved by version 1:1.1.1k-6.el8_5 

      Quay Image:

      Fixable RHSA-2022:1676 (CVSS 7.1) (severity Important) found in component 'gzip' (version 1.9-12.el8.x86_64) in container 'registry-server', resolved by version 0:1.9-13.el8_4 

      Quay Image:quay-operator-bundle-container-v3.7.0-129

      Vulnerability reported by ACS:

              doconnor@redhat.com Dave O'Connor
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: