1

I am building a docker image for my Java application using rhel7:7.7 as base image. There is a high criticality issue found by JFrog Xray when scanning the image "Red Hat Security Advisory: Satellite 6.7 release." https://access.redhat.com/errata/RHSA-2020:1454

There are 4 python components are reported having issues:

  • python-chardet-3.0.4-10.el7ar.src.rpm
  • python-dateutil-2.8.1-2.el7ar.src.rpm
  • python-six-1.11.0-8.el7ar.src.rpm
  • python-pycurl-7.43.0.2-4.el7sat.src.rpm

I am not sure:

  • how does Xray detect those python libraries
  • what's RH Satellite and how they are related to the python libraries.
  • How to update RH security advisory updates manually

What I have tried:

  • Remove the python libriraies in the docker file, but doesn't help.
Delong
  • 11
  • 1
  • Welcome to Stack Overflow. To help you get the best result on Stack Overflow, see how to ask good [questions](https://stackoverflow.com/help/how-to-ask). Make sure your question covers these 3 elements: 1. Problem Statement 2. Your Code (it should be [Minimal, Reproducible Example](https://stackoverflow.com/help/minimal-reproducible-example) 3. Error Message (preferably full Traceback to help others review and provide feedback). Sometimes the same question may have already been asked. Make sure your question is not a [duplicate](https://stackoverflow.com/help/duplicates) – Joe Ferndz Aug 23 '20 at 20:12

0 Answers0