Clair cannot download Ubuntu CVEs anymore


Article ID: 345670


Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • When you browse the VIC management portal (:8282), you see a yellow triangle under Administration > Configuration > Vulnerability Scanning > Database updated on.

  • In the /storage/log/harbor/clair.log file, you see entries similar to:

    Jul 3 09:11:27 172.18.0.1 clair[445]: {"Event":"could not pull Ubuntu repository","Level":"error","Location":"ubuntu.go:189","Time":"2018-07-03 09:11:27.372482","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"/tmp/ubuntu-cve-tracker289839870/\".\n"}
    Jul 3 09:11:27 172.18.0.1 clair[445]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-03 09:11:27.372533","error":"could not download requested resource","updater name":"ubuntu"}


    OR

    Jul 3 09:28:08 172.18.0.1 clair[439]: {"Event":"could not branch Ubuntu repository","Level":"error","Location":"ubuntu.go:177","Time":"2018-07-03 09:28:08.529184","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"https://launchpad.net/ubuntu-cve-tracker/\".\n"}
    Jul 3 09:28:08 172.18.0.1 clair[439]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-03 09:28:08.529319","error":"could not download requested resource","updater name":"ubuntu"}

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
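
The following Python script is an added example, not part of the original article or of Clair. It parses clair.log lines in the layout shown above and reports each updater whose fetch failed, together with the error event logged just before it. The function names and the rule that pairs a failure with the preceding error event are assumptions made for this example; the sample input is the first excerpt from this page.

```python
import json
import re
import sys

# Syslog prefix followed by the JSON object that clair emits (layout from the excerpts above).
LINE_RE = re.compile(r"clair\[\d+\]:\s*(\{.*\})\s*$")

# Sample input: the first log excerpt from this article, kept verbatim in a raw string.
SAMPLE = r'''
Jul 3 09:11:27 172.18.0.1 clair[445]: {"Event":"could not pull Ubuntu repository","Level":"error","Location":"ubuntu.go:189","Time":"2018-07-03 09:11:27.372482","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"/tmp/ubuntu-cve-tracker289839870/\".\n"}
Jul 3 09:11:27 172.18.0.1 clair[445]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-03 09:11:27.372533","error":"could not download requested resource","updater name":"ubuntu"}
'''

def parse_events(text):
    """Yield the decoded JSON payload of every clair line; skip anything that does not parse."""
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        try:
            yield json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or rotated line

def failed_updaters(text):
    """Map updater name -> details of its most recent failed fetch."""
    failures = {}
    cause = None  # assumption: the error event just before the failure line explains it
    for event in parse_events(text):
        if event.get("Level") != "error":
            continue
        name = event.get("updater name")
        if name is None:
            cause = event
            continue
        failures[name] = {
            "time": event.get("Time"),
            "error": event.get("error"),
            "cause": (cause or {}).get("Event"),
            "output": (cause or {}).get("output", "").strip(),
        }
        cause = None
    return failures

if __name__ == "__main__":
    # Pass the path to clair.log as the first argument; without one, the sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for updater, info in failed_updaters(text).items():
        print(f"{updater}: {info['error']} at {info['time']} ({info['cause']}: {info['output']})")
```

An "ubuntu" entry whose output mentions bzr matches the symptom described in this article.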

Environment

VMware vSphere Integrated Containers 1.0.x
VMware vSphere Integrated Containers 1.4.x
VMware vSphere Integrated Containers 1.x

Cause

The updates for known Common Vulnerabilities and Exposures (CVEs) are now provided in git format; previously they were provided in bzr format.

Resolution

This issue is resolved in VMware vSphere Integrated Containers 1.4.2, available at VMware Downloads.

For more information, see the What's New section in the VMware vSphere Integrated Containers 1.4.2 Documentation.

For more information on upgrade procedure, see Upgrading vSphere Integrated Containers.

Additional Information

Current CVEs can be found at the Ubuntu CVE Tracker.
It now lists the main code as a git repository, not a bzr repository.

The bzr branch links have different addresses: https://code.launchpad.net/ubuntu-cve-tracker/+branches

Source: https://github.com/coreos/clair/issues/524

Impact/Risks:
New installations of VIC will not be able to scan Ubuntu-based images.
Other installations that were able to download CVEs from Ubuntu are no longer up to date.