ibmruntimes / ci.docker

Dockerfiles and build scripts for generating various Docker Images related to IBM Runtimes
Apache License 2.0
45 stars 35 forks

Images from ibmjava:8-sfj: The scan results show that 3 ISSUES were found for the image #84

Closed avina-z closed 1 year ago

avina-z commented 4 years ago

Images built with this base are shown with 3 ISSUES found:

Vulnerable Packages Found

CVE-2019-5188

Policy Status: Active

Summary: e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition.

| Vendor Security Notice IDs | Official Notice |
| --- | --- |
| usn-4249-1 | http://www.ubuntu.com/usn/usn-4249-1 |

| Affected Packages | Policy Status | How to Resolve | Security Notice |
| --- | --- | --- | --- |
| e2fsprogs | Active | Upgrade e2fsprogs to >= 1.44.1-1ubuntu1.3 | usn-4249-1 |

CVE-2019-13627

Policy Status: Active

Summary: Libgcrypt could be made to expose sensitive information.

| Vendor Security Notice IDs | Official Notice |
| --- | --- |
| usn-4236-1 | http://www.ubuntu.com/usn/usn-4236-1 |

| Affected Packages | Policy Status | How to Resolve | Security Notice |
| --- | --- | --- | --- |
| libgcrypt20 | Active | Upgrade libgcrypt20 to >= 1.8.1-4ubuntu1.2 | usn-4236-1 |

usn-4233-2

Policy Status: Active

Summary: USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround.

| Vendor Security Notice IDs | Official Notice |
| --- | --- |
| usn-4233-2 | http://www.ubuntu.com/usn/usn-4233-2 |

| Affected Packages | Policy Status | How to Resolve | Security Notice |
| --- | --- | --- | --- |
| libgnutls30 | Active | Upgrade libgnutls30 to >= 3.5.18-1ubuntu1.3 | usn-4233-2 |

jayasg12 commented 1 year ago

Hi @avina-z, the latest ibmjava:8-sfj image is built with Ubuntu 22.04. The above-mentioned vulnerabilities will not be seen with the latest images. Closing this issue. Please feel free to re-open this issue if the above problem still exists. Thanks!!