Hello Team, On checking the rhel8/httpd-24 container image (1-156) [1], the httpd package httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64 is present. But when we check the package details in Red Hat site [2], there is an update available (from 2021-09-30) which fixes the original vulnerability (CVE-2021-40438). The container image (1-156) [1] is affected, since it contains a non-fixed version of httpd.
Do we have any idea when an updated container image for httpd24 will be available, that contains a fixed version? Any inputs will be really helpful. Thanks in advance. [1] https://catalog.redhat.com/software/containers/rhel8/httpd-24/5ba0addbbed8bd6ee819856a?container-tabs=packages&tag=1-156&push_date=1632226439000 [2] https://access.redhat.com/downloads/content/rhel---8/x86_64/7443/httpd/2.4.37-39.module+el8.4.0+12865+a7065a39.1/src/fd431d51/package-changelog -- Regards, *Abey Jose* TSE, OpenShift Container Platform <https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
_______________________________________________ SCLorg mailing list SCLorg@redhat.com https://listman.redhat.com/mailman/listinfo/sclorg