Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update required packages #1771

Merged
merged 1 commit into from
Jul 22, 2021
Merged

Update required packages #1771

merged 1 commit into from
Jul 22, 2021

Conversation

ciarams87
Copy link
Member

@ciarams87 ciarams87 commented Jul 21, 2021
edited
Loading

Proposed changes

Address CVE-2021-33910 for debian images and for UBI images

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch from my own fork

@github-actions github-actions bot added the bug An issue reporting a potential bug label Jul 21, 2021
@ciarams87 ciarams87 force-pushed the fix/libsystemd-vulnerability branch 3 times, most recently from 87160dc to a6891cc Compare July 21, 2021 16:19
lucacome
lucacome reviewed Jul 21, 2021
View reviewed changes
build/Dockerfile Outdated
&& groupadd --system --gid 101 nginx \
&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx

# temporary fix for CVE-2021-33910 - systemd-pam
RUN microdnf --nodocs install -y systemd-pam || echo "Can't install systemd-pam - package not available in ubi7"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be moved to line 85, so it runs only for ubi8?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point 👍🏼

@ciarams87 ciarams87 force-pushed the fix/libsystemd-vulnerability branch from a6891cc to d61a8cf Compare July 21, 2021 18:12
@ciarams87 ciarams87 merged commit 6ff3a5e into master Jul 22, 2021
@ciarams87 ciarams87 deleted the fix/libsystemd-vulnerability branch July 22, 2021 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucacome lucacome lucacome approved these changes

@pleshakov pleshakov pleshakov approved these changes

@vepatel vepatel vepatel approved these changes

Assignees
No one assigned
Labels
bug An issue reporting a potential bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ciarams87 @lucacome @pleshakov @vepatel