Bump UBI base images to the newest 9.5.x versions

What does this MR do?

Bump UBI base images to the newest 9.5.x versions

ubi-micro: 9.4-15 -> 9.5-1731934928

: container-diff diff -t metadata -t sizelayer -t size daemon://redhat/ubi9-micro:9.4-15 daemon://redhat/ubi9-micro:9.5-1731934928  2>&1

-----Metadata-----

Image metadata differences between redhat/ubi9-micro:9.4-15 and redhat/ubi9-micro:9.5-1731934928:

redhat/ubi9-micro:9.4-15
-Workdir: /
-Labels: architecture:x86_64 build-date:2024-11-18T13:02:08Z com.redhat.component:ubi9-micro-container com.redhat.license_terms:https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI description:Very small image which doesn't install the package manager. distribution-scope:public io.buildah.version:1.38.0-dev io.k8s.description:Very small image which doesn't install the package manager. io.k8s.display-name:Red Hat Universal Base Image 9 Micro io.openshift.expose-services: maintainer:Red Hat, Inc. name:ubi9/ubi-micro release:1731934928 summary:ubi9 micro image url:https://www.redhat.com vcs-ref:3d9291004b217b340ff942e2a6008a5b1c01fc7a vcs-type:git vendor:Red Hat, Inc. version:9.5


redhat/ubi9-micro:9.5-1731934928
-Workdir:
-Labels: architecture:x86_64 build-date:2024-08-27T19:24:54 com.redhat.component:ubi9-micro-container com.redhat.license_terms:https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI description:Very small image which doesn't install the package manager. distribution-scope:public io.buildah.version:1.29.0 io.k8s.description:Very small image which doesn't install the package manager. io.k8s.display-name:Ubi9-micro io.openshift.expose-services: maintainer:Red Hat, Inc. name:ubi9/ubi-micro release:15 summary:ubi9 micro image url:https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/ubi-micro/images/9.4-15 vcs-ref:cd5996c9b8b99b546584696465f8f39ec682078c vcs-type:git vendor:Red Hat, Inc. version:9.4


-----Size-----

Image size difference between redhat/ubi9-micro:9.4-15 and redhat/ubi9-micro:9.5-1731934928:
SIZE1        SIZE2
21.9M        24.4M


-----SizeLayer-----

Layer size differences between redhat/ubi9-micro:9.4-15 and redhat/ubi9-micro:9.5-1731934928:
LAYER        SIZE1          SIZE2
0            21.9M          24.4M
1            unknown        24.4M

: 

: vulns() { grype --quiet -o template --template <(echo '{{range .Matches}}{{printf "%s - %s\n" .Vulnerability.ID .Vulnerability.Severity}}{{end}}') $1 ; }
: diff -Naur --label redhat/ubi9-micro:9.4-15 <(vulns redhat/ubi9-micro:9.4-15) --label redhat/ubi9-micro:9.5-1731934928 <(vulns redhat/ubi9-micro:9.5-1731934928)
: 

ubi-minimal: 9.4-1227 -> 9.5-1731604394

: container-diff diff -t rpm  -t metadata -t sizelayer -t size daemon://redhat/ubi9-minimal:9.4-1227 daemon://redhat/ubi9-minimal:9.5-1731604394 2>&1

-----Metadata-----

Image metadata differences between redhat/ubi9-minimal:9.4-1227 and redhat/ubi9-minimal:9.5-1731604394:

redhat/ubi9-minimal:9.4-1227
-Workdir: /
-Labels: architecture:x86_64 build-date:2024-11-14T17:13:14Z com.redhat.component:ubi9-minimal-container com.redhat.license_terms:https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI description:The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. distribution-scope:public io.buildah.version:1.38.0-dev io.k8s.description:The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. io.k8s.display-name:Red Hat Universal Base Image 9 Minimal io.openshift.expose-services: io.openshift.tags:minimal rhel9 maintainer:Red Hat, Inc. name:ubi9-minimal release:1731604394 summary:Provides the latest release of the minimal Red Hat Universal Base Image 9. url:https://www.redhat.com vcs-ref:2586e39cc3717ea49313f54c7c7f12344a3727c2 vcs-type:git vendor:Red Hat, Inc. version:9.5

redhat/ubi9-minimal:9.5-1731604394
-Workdir:
-Labels: architecture:x86_64 build-date:2024-08-27T13:56:46 com.redhat.component:ubi9-minimal-container com.redhat.license_terms:https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI description:The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. distribution-scope:public io.buildah.version:1.29.0 io.k8s.description:The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. io.k8s.display-name:Red Hat Universal Base Image 9 Minimal io.openshift.expose-services: io.openshift.tags:minimal rhel9 maintainer:Red Hat, Inc. name:ubi9-minimal release:1227 summary:Provides the latest release of the minimal Red Hat Universal Base Image 9. url:https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9-minimal/images/9.4-1227 vcs-ref:94baa7760359088a42ad33dc22d329a5ee2c7209 vcs-type:git vendor:Red Hat, Inc. version:9.4

-----RPM-----

Packages found only in redhat/ubi9-minimal:9.4-1227: None

Packages found only in redhat/ubi9-minimal:9.5-1731604394:
NAME                             VERSION              SIZE
-openssl-fips-provider-so        3.0.7-6.el9_5        1.3M

Version differences:
PACKAGE                        IMAGE1 (redhat/ubi9-minimal:9.4-1227)        IMAGE2 (redhat/ubi9-minimal:9.5-1731604394)
-alternatives                  1.24-1.el9, 61.8K                            1.24-1.el9_5.1, 62K
-audit-libs                    3.1.2-2.el9, 306.7K                          3.1.5-1.el9, 330.8K
-coreutils-single              8.32-35.el9, 1.3M                            8.32-36.el9, 1.3M
-crypto-policies               20240202-1.git283706d.el9, 84.2K             20240828-2.git626aa59.el9_5, 89.7K
-curl-minimal                  7.76.1-29.el9_4.1, 239.5K                    7.76.1-31.el9, 239.5K
-dnf-data                      4.14.0-9.el9, 38.2K                          4.14.0-17.el9, 38.2K
-filesystem                    3.16-2.el9, 106B                             3.16-5.el9, 106B
-gdbm-libs                     1.19-4.el9, 113.6K                           1.23-1.el9, 125.6K
-glib2                         2.68.4-14.el9, 12.8M                         2.68.4-14.el9_4.1, 12.8M
-glibc                         2.34-100.el9_4.3, 6.2M                       2.34-125.el9_5.1, 6.1M
-glibc-common                  2.34-100.el9_4.3, 1M                         2.34-125.el9_5.1, 1M
-glibc-minimal-langpack        2.34-100.el9_4.3, 0                          2.34-125.el9_5.1, 0
-krb5-libs                     1.21.1-2.el9_4, 2.4M                         1.21.1-4.el9_5, 2.4M
-libblkid                      2.37.4-18.el9, 224.5K                        2.37.4-20.el9, 224.5K
-libcurl-minimal               7.76.1-29.el9_4.1, 506.2K                    7.76.1-31.el9, 506.1K
-libdnf                        0.69.0-8.el9_4.1, 2M                         0.69.0-12.el9, 2M
-libgcc                        11.4.1-3.el9, 194.1K                         11.5.0-2.el9, 194.1K
-libgcrypt                     1.10.0-10.el9_2, 1.3M                        1.10.0-11.el9, 1.3M
-libksba                       1.5.1-6.el9_1, 385.2K                        1.5.1-7.el9, 385.2K
-libmount                      2.37.4-18.el9, 311K                          2.37.4-20.el9, 311K
-libnghttp2                    1.43.0-5.el9_4.3, 165.9K                     1.43.0-6.el9, 165.9K
-librhsm                       0.0.3-7.el9_3.1, 77.6K                       0.0.3-9.el9, 77.7K
-libsmartcols                  2.37.4-18.el9, 131.7K                        2.37.4-20.el9, 131.7K
-libsolv                       0.7.24-2.el9, 887.4K                         0.7.24-3.el9, 895.6K
-libstdc++                     11.4.1-3.el9, 2.4M                           11.5.0-2.el9, 2.4M
-libuuid                       2.37.4-18.el9, 37.2K                         2.37.4-20.el9, 37.2K
-openssl-fips-provider         3.0.7-2.el9, 1.3M                            3.0.7-6.el9_5, 251B
-openssl-libs                  3.0.7-27.el9, 5.2M                           3.2.2-6.el9_5, 6.4M
-pcre                          8.44-3.el9.3, 526.6K                         8.44-4.el9, 525.1K
-pcre2                         10.40-5.el9, 637K                            10.40-6.el9, 637K
-pcre2-syntax                  10.40-5.el9, 228.8K                          10.40-6.el9, 228.8K
-redhat-release                9.4-0.4.el9, 57.4K                           9.5-0.6.el9, 57.4K
-rpm                           4.16.1.3-29.el9, 2.6M                        4.16.1.3-34.el9, 2.6M
-rpm-libs                      4.16.1.3-29.el9, 751.2K                      4.16.1.3-34.el9, 751.2K
-shadow-utils                  4.9-8.el9, 3.6M                              4.9-9.el9, 3.6M
-systemd-libs                  252-32.el9_4.7, 1.7M                         252-46.el9_5.2, 1.7M
-tzdata                        2024a-1.el9, 1.6M                            2024b-2.el9, 1.6M

-----Size-----

Image size difference between redhat/ubi9-minimal:9.4-1227 and redhat/ubi9-minimal:9.5-1731604394:
SIZE1        SIZE2
94.6M        98.2M

-----SizeLayer-----

Layer size differences between redhat/ubi9-minimal:9.4-1227 and redhat/ubi9-minimal:9.5-1731604394:
LAYER        SIZE1          SIZE2
0            94.6M          98.2M
1            unknown        98.2M

:

: vulns() { grype --quiet -o template --template <(echo '{{range .Matches}}{{printf "%s - %s\n" .Vulnerability.ID .Vulnerability.Severity}}{{end}}') $1 ; }
: diff -Naur --label redhat/ubi9-minimal:9.4-1227 <(vulns redhat/ubi9-minimal:9.4-1227) --label redhat/ubi9-minimal:9.5-1731604394 <(vulns redhat/ubi9-minimal:9.5-1731604394)
--- redhat/ubi9-minimal:9.4-1227
+++ redhat/ubi9-minimal:9.5-1731604394
@@ -3,18 +3,12 @@
 CVE-2024-7264 - Low
 CVE-2023-4156 - Low
 CVE-2024-52533 - Medium
-CVE-2024-34397 - Medium
 CVE-2023-32636 - Low
 CVE-2022-3219 - Low
-CVE-2024-3596 - High
-CVE-2024-26462 - Medium
-CVE-2024-26461 - Low
-CVE-2024-26458 - Low
 CVE-2023-30571 - Medium
 CVE-2024-9681 - Low
 CVE-2024-7264 - Low
 CVE-2022-27943 - Low
-CVE-2024-2236 - Medium
 CVE-2022-27943 - Low
 CVE-2024-34459 - Low
 CVE-2023-45322 - Low
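Review bot: CVE-2024-7264 and CVE-2022-27943 each appear twice in the context lines of this hunk, and because the `vulns()` template prints only `.Vulnerability.ID` and `.Vulnerability.Severity`, there is no way to tell which package each repeated or removed line belongs to. Adding `.Artifact.Name` and `.Artifact.Version` to the template and sorting the output before diffing would make the removed findings attributable to the package bumps listed in the RPM table.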
@@ -27,12 +21,7 @@
 CVE-2023-45918 - Low
 CVE-2022-29458 - Low
 CVE-2023-2953 - Low
-CVE-2024-6119 - Medium
-CVE-2024-5535 - Low
-CVE-2024-4741 - Low
-CVE-2024-4603 - Low
 CVE-2024-41996 - Low
-CVE-2024-2511 - Low
 CVE-2022-41409 - Low
 CVE-2022-41409 - Low
 CVE-2024-0232 - Low
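Review bot: none of the removed lines in this hunk or the previous one is CVE-2024-10963, the CVE the testing section singles out, and the ubi9-micro comparison above shows no diff output at all. Since these scans cover the base images only, attaching the same grype diff for the built runner and runner-helper images would document whether that CVE is closed.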
:

Why was this MR needed?

To close off some CVEs.

What's the best way to test this MR?

  • See the pipeline go green
  • Check the resulting images (runner & runner-helper) with grype / trivy and see that we have fewer vulnerabilities, esp. that we are not vulnerable to CVE-2024-10963 any more.

What are the relevant issue numbers?

Edited by Hannes Hörl
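An added example, not part of the merge request or the project's code: the test step above compares scanner output by eye, and this script runs the same comparison on two saved listings in the `ID - Severity` format that `vulns()` prints, failing if a named CVE is still listed or a new High/Critical finding appears. The function names and the sample listings (a few lines taken from the diff excerpt above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the MR): compare two saved listings in the
# "ID - Severity" format that vulns() prints. All function names are assumptions.
export LC_ALL=C  # sort and comm must use the same collation

# The template prints no package name, so a CVE matched in several packages
# appears as identical repeated lines; collapse them and drop blank lines.
normalize() { sed '/^[[:space:]]*$/d' "$1" | sort -u; }

# compare MODE OLD NEW: MODE is a comm(1) column selector.
compare() (
  old=$(mktemp); new=$(mktemp)
  normalize "$2" >"$old"; normalize "$3" >"$new"
  comm "$1" "$old" "$new"
  rm -f "$old" "$new"
)
# Findings listed for the old image but gone from the new one.
fixed_cves() { compare -23 "$1" "$2"; }
# Findings listed only for the new image (regressions from the bump).
introduced_cves() { compare -13 "$1" "$2"; }

# gate OLD NEW CVE-ID: non-zero if CVE-ID is still listed for the new image
# or if the bump introduced a High or Critical finding.
gate() {
  if grep -q "^$3 - " "$2"; then
    echo "still present: $3" >&2; return 1
  fi
  if introduced_cves "$1" "$2" | grep -Eq ' - (High|Critical)$'; then
    echo "new High/Critical finding introduced" >&2; return 1
  fi
  return 0
}

# Constructed sample input: a few lines taken from the diff excerpt above.
write_samples() {
  printf '%s\n' 'CVE-2024-7264 - Low' 'CVE-2024-52533 - Medium' \
    'CVE-2024-34397 - Medium' 'CVE-2024-3596 - High' 'CVE-2024-26462 - Medium' \
    'CVE-2024-7264 - Low' 'CVE-2024-2236 - Medium' >"$1"
  printf '%s\n' 'CVE-2024-7264 - Low' 'CVE-2024-52533 - Medium' \
    'CVE-2024-7264 - Low' >"$2"
}

demo=$(mktemp -d)
write_samples "$demo/old.txt" "$demo/new.txt"
fixed_cves "$demo/old.txt" "$demo/new.txt"
gate "$demo/old.txt" "$demo/new.txt" CVE-2024-10963 && echo "gate passed"
```

In a pipeline the two input files would be the saved output of `vulns` for the old and new image; the gate's exit status then decides the job result.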
