Pipeline · Ironbank Containers / Opensource / molecule / molecule

adding fix for new packages

15 jobs for update-packages in 17 minutes and 40 seconds (queued for 22 seconds)

Status	Job ID	Name
.Pre
passed	#2826184 ironbank	load scripts	00:00:07 Apr 19, 2021

Preflight
passed	#2826186 ironbank	folder structure	00:00:05 Apr 19, 2021
passed	#2826187 ironbank	hardening_manifest	00:00:10 Apr 19, 2021
passed	#2826185 ironbank	trufflehog	00:00:10 Apr 19, 2021

Lint
passed	#2826188 ironbank	wl compare lint	00:00:10 Apr 19, 2021

Finding Compare
failed	#2826189 ironbank allowed to fail	vat compare	00:00:06 Apr 19, 2021

Import Artifacts
passed	#2826190 ironbank	import artifacts	00:00:14 Apr 19, 2021

Scan Artifacts
passed	#2826191 ironbank	clamav scan	00:15:17 Apr 19, 2021

Build
failed	#2826192 ironbank-isolated	build	00:01:33 Apr 19, 2021

Scanning
skipped	#2826196 ironbank	anchore scan
skipped	#2826193 ironbank	openscap compliance
skipped	#2826194 ironbank	openscap cve
skipped	#2826195 ironbank	twistlock scan

Csv Output
skipped	#2826197 ironbank	csv output

Check Cves
skipped	#2826198 ironbank allowed to fail	check cves

	Name	Stage
failed	build	Build
	`Uploading artifacts for failed job Uploading artifacts... ci-artifacts/build/: found 1 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2826192 responseStatus=201 Created token=ZkJ_kX8Y Uploading artifacts... WARNING: build.env: no matching files ERROR: No files to upload Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1`
failed	vat compare	Finding Compare
	INFO: ('CVE-2021-23840', 'twistlock_cve', 'Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).', 'openssl-1.1.1g-15.el8_3', None) INFO: ('CVE-2020-13776', 'twistlock_cve', 'systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.', 'systemd-239-41.el8_3.1', None) INFO: ('CVE-2020-13776', 'anchore_cve', 'systemd-pam-239-41.el8_3.1\nhttps://access.redhat.com/security/cve/CVE-2020-13776', 'systemd-pam-239-41.el8_3.1', None) Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2826189 responseStatus=201 Created token=B5nswy8T Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4