oracle / container-images Goto Github PK

Oracle Linux container images

License: Other

docker docker-image amd64 aarch64 oracle-linux oracle-support oracle

container-images's Introduction

Oracle Linux base images

This repo stores the architecture-specific rootfs tarballs for the official Oracle Linux base images published on Docker Hub and GitHub Container Registry.

Oracle Linux

Oracle Linux is an open-source operating system available under the GNU General Public License (GPLv2). Suitable for general purpose or Oracle workloads, it benefits from rigorous testing of more than 128,000 hours per day with real-world workloads and includes unique innovations such as Ksplice for zero-downtime kernel patching, DTrace for real-time diagnostics, the powerful Btrfs file system, and more.

How to use these images

The Oracle Linux images are intended for use in the FROM field of a downstream Dockerfile. For example, to use the latest optimized Oracle Linux 7 image, specify FROM oraclelinux:7-slim.

Changelog

Due to the fact that only the latest tarball for each tag is stored in the dist-amd64 and dist-arm64v8 branches, it is not possible to use Git's history to determine what has changed and when. Thus, we maintain a CHANGELOG in the master branch that documents the changes made to various images by date.

Differences between `oraclelinux:7` and `oraclelinux:7-slim`

Oracle recommends using oraclelinux:7-slim as your base layer as it contains just enough packages for yum to work to install more packages. Therefore, it has the smallest size and the least amount of unneeded content.

The oraclelinux:7 images is based off the package set what would be installed via a Minimal install of Oracle Linux.

Differences between `oraclelinux:8` and `oraclelinux:8-slim`

As with Oracle Linux 7, the 8-slim variant contains just enough packages to install more.

However, it also replaces the standard dnf client with the tiny microdnf tool to further reduce space. If you need the functionality of the full client, you can install it via RUN microdnf install dnf in your downstream Dockerfile.

To provide yum compatibility, use RUN microdnf install yum.

Using modules with `microdnf`

An example of how to enable module support when using microdnf can be seen in the oraclelinux:8 variants of the OracleLinuxDeveloper images in the Oracle Docker Images repo.

Finding container images of Oracle products

We provide sample Dockerfiles for several Oracle products in the Oracle Docker Images repository on GitHub. Many of these images are also available for direct download from the Oracle Container Registry.

Contributing

This project is not accepting external contributions at this time. For bugs or enhancement requests, please file a GitHub issue unless it’s security related. When filing a bug remember that the better written the bug is, the more likely it is to be fixed. If you think you’ve found a security vulnerability, do not raise a GitHub issue and follow the instructions in our security policy.

Security

Please consult the security guide for our responsible security vulnerability disclosure process

License

Released under the GPLv2. See the LICENSE.txt file in this repository for more information.

Support

Oracle provides support to Oracle Linux subscription customers via the My Oracle Support portal. The Oracle Linux Docker images are covered by Oracle Linux Basic and Premier support subscriptions. Customers should follow existing support procedures to obtain support for Oracle Linux running in a Docker container.

For users without an Oracle Linux support subscription, the following resources are available:

Official resources

Social media resources

container-images's People

Contributors

Stargazers

Watchers

container-images's Issues

docker scan(synk) reports several HIGH vulnerabilities

docker scan oraclelinux:8-slim

Testing oraclelinux:8-slim...

✗ Medium severity vulnerability found in openssl-libs
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2594083
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1k-4.ksplice1.el8

✗ Medium severity vulnerability found in openssl-libs
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2594112
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1k-4.ksplice1.el8

✗ Medium severity vulnerability found in openssl-libs
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2594650
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1k-5.ksplice1.el8_5

✗ Medium severity vulnerability found in libgcrypt
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-ORACLE8-LIBGCRYPT-2597125
  Introduced through: [email protected]
  From: [email protected]
  Fixed in: 10:1.8.5-6.el8_fips

✗ Medium severity vulnerability found in gnutls
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-ORACLE8-GNUTLS-2596965
  Introduced through: [email protected]
  From: [email protected]
  Fixed in: 10:3.6.16-4.0.1.el8_fips

✗ Medium severity vulnerability found in gnutls
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-ORACLE8-GNUTLS-2597017
  Introduced through: [email protected]
  From: [email protected]
  Fixed in: 10:3.6.16-4.0.1.el8_fips

✗ Medium severity vulnerability found in gnutls
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-ORACLE8-GNUTLS-2597184
  Introduced through: [email protected]
  From: [email protected]
  Fixed in: 10:3.6.16-4.0.1.el8_fips

✗ High severity vulnerability found in openssl-libs
  Description: Improper Certificate Validation
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2579536
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1g-15.ksplice1.el8_3

✗ High severity vulnerability found in openssl-libs
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2581455
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1g-15.ksplice1.el8_3

✗ High severity vulnerability found in openssl-libs
  Description: Loop with Unreachable Exit Condition ('Infinite Loop')
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2605508
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1k-6.ksplice1.el8_5

✗ High severity vulnerability found in openssl-libs
  Description: ELSA-2019-4852
  Info: https://snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2606720
  Introduced through: openssl-libs@1:1.1.1k-6.el8_5
  From: openssl-libs@1:1.1.1k-6.el8_5
  Fixed in: 2:1.1.1c-2.ksplice1.el8

I analyzed a few of them and found something weird. Example:
Example:
For: https://security.snyk.io/vuln/SNYK-ORACLE8-OPENSSLLIBS-2605508
We are using: openssl-libs@1:1.1.1k-6.el8_5
https://linux.oracle.com/errata/ELSA-2022-1065.html states that the issue was fixed in openssl-libs-1.1.1k-6.el8_5

yum does not work in OL9 containers

`docker run -ti oraclelinux:9
[root@42f41dd1fda9 /]# dnf install mc
Oracle Linux 9 BaseOS Latest (x86_64) 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'ol9_baseos_latest':

Curl error (6): Couldn't resolve host name for https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/x86_64/repodata/repomd.xml [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'ol9_baseos_latest': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried`

SSL error with yum registry in oraclelinux:7-slim

In oraclelinux:7-slim, any usage of the yum command fails with a certificate error.

Steps to reproduce:

docker run -it oraclelinux:7-slim bash
bash-4.2# yum -y update

Results:

docker run -it oraclelinux:7-slim sh
Unable to find image 'oraclelinux:7-slim' locally
7-slim: Pulling from library/oraclelinux
Digest: sha256:0de5413fba176b3b03a7aaa3c9bd1583371ad88314b29927327ff97d5a94e7f7
Status: Downloaded newer image for oraclelinux:7-slim
sh-4.2# yum -y update
Loaded plugins: ovl
https://yum.oracle.com/repo/OracleLinux/OL7/UEKR5/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.


 One of the configured repositories failed (Latest Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7Server (x86_64)),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=ol7_UEKR5 ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable ol7_UEKR5
        or
            subscription-manager repos --disable=ol7_UEKR5

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=ol7_UEKR5.skip_if_unavailable=true

failure: repodata/repomd.xml from ol7_UEKR5: [Errno 256] No more mirrors to try.
https://yum.oracle.com/repo/OracleLinux/OL7/UEKR5/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."

where can i download oraclelinux-9-amd64-rootfs.tar.xz

when i want to create oracle docker container,the docker file is
FROM scratch

ADD oraclelinux-9-amd64-rootfs.tar.xz /

overwrite this with 'CMD []' in a dependent Dockerfile

CMD ["/bin/bash"]

now I need download oraclelinux-9-amd64-rootfs.tar.xz file

Vulnerability scan reports numerous critical issues

All of the latest containers have known security vulnerabilities as reported by the Docker scans. 22 components have listed critical vulnerabilities.

https://hub.docker.com/_/oraclelinux/scans/library/oraclelinux/latest

Is there a correct way of mitigating against these issues? Is there a reason why libraries do not get upgraded and made available?

oraclelinux:8-slim cannot install packages from url

I am trying to install a rpm from a url using the 8-slim image. Microdnf apparently doesn't support this. I am able to install yum, but then all yum commands fail.

$ docker run -it --entrypoint /bin/bash oraclelinux:8-slim
bash-4.4# microdnf install -y yum

(process:7): libdnf-WARNING **: 20:19:11.240: Loading "/etc/dnf/dnf.conf": IniParser: Can't open file
Downloading metadata...
Downloading metadata...
Package                                                                                                                           Repository                                         Size
Installing:
 acl-2.2.53-1.el8.x86_64                                                                                                          ol8_baseos_latest                               82.9 kB
 cracklib-2.9.6-15.el8.x86_64                                                                                                     ol8_baseos_latest                               95.4 kB
 cryptsetup-libs-2.2.0-2.el8.x86_64                                                                                               ol8_baseos_latest                              431.7 kB
 dbus-1:1.12.8-9.0.1.el8.x86_64                                                                                                   ol8_baseos_latest                               41.5 kB
 dbus-common-1:1.12.8-9.0.1.el8.noarch                                                                                            ol8_baseos_latest                               46.4 kB
 dbus-daemon-1:1.12.8-9.0.1.el8.x86_64                                                                                            ol8_baseos_latest                              246.4 kB
 dbus-libs-1:1.12.8-9.0.1.el8.x86_64                                                                                              ol8_baseos_latest                              187.9 kB
 dbus-tools-1:1.12.8-9.0.1.el8.x86_64                                                                                             ol8_baseos_latest                               87.4 kB
 device-mapper-8:1.02.163-5.el8.x86_64                                                                                            ol8_baseos_latest                              379.9 kB
 device-mapper-libs-8:1.02.163-5.el8.x86_64                                                                                       ol8_baseos_latest                              412.6 kB
 dnf-4.2.7-7.el8_1.noarch                                                                                                         ol8_baseos_latest                              501.4 kB
 dnf-data-4.2.7-7.el8_1.noarch                                                                                                    ol8_baseos_latest                              142.3 kB
 elfutils-default-yama-scope-0.176-5.el8.noarch                                                                                   ol8_baseos_latest                               48.1 kB
 elfutils-libs-0.176-5.el8.x86_64                                                                                                 ol8_baseos_latest                              325.7 kB
 file-libs-5.33-8.el8.x86_64                                                                                                      ol8_baseos_latest                              554.7 kB
 gdbm-1:1.18-1.el8.x86_64                                                                                                         ol8_baseos_latest                              132.9 kB
 gdbm-libs-1:1.18-1.el8.x86_64                                                                                                    ol8_baseos_latest                               61.9 kB
 gzip-1.9-9.el8.x86_64                                                                                                            ol8_baseos_latest                              170.8 kB
 ima-evm-utils-1.1-5.el8.x86_64                                                                                                   ol8_baseos_latest                               56.8 kB
 iptables-libs-1.8.2-16.el8.x86_64                                                                                                ol8_baseos_latest                              100.9 kB
 kmod-libs-25-13.0.1.el8.x86_64                                                                                                   ol8_baseos_latest                               70.8 kB
 libcomps-0.1.11-2.el8.x86_64                                                                                                     ol8_baseos_latest                               82.8 kB
 libfdisk-2.32.1-17.el8.x86_64                                                                                                    ol8_baseos_latest                              254.7 kB
 libnsl2-1.2.0-2.20180605git4a062cf.el8.x86_64                                                                                    ol8_baseos_latest                               59.1 kB
 libpcap-14:1.9.0-3.el8.x86_64                                                                                                    ol8_baseos_latest                              163.8 kB
 libpwquality-1.4.0-9.el8.x86_64                                                                                                  ol8_baseos_latest                              104.9 kB
 libreport-filesystem-2.9.5-9.0.1.el8.x86_64                                                                                      ol8_baseos_latest                               21.3 kB
 libseccomp-2.4.1-1.el8.x86_64                                                                                                    ol8_baseos_latest                               66.4 kB
 libsemanage-2.9-1.el8.x86_64                                                                                                     ol8_baseos_latest                              168.8 kB
 libtirpc-1.1.4-4.el8.x86_64                                                                                                      ol8_baseos_latest                              115.1 kB
 libutempter-1.1.6-14.el8.x86_64                                                                                                  ol8_baseos_latest                               32.5 kB
 pam-1.3.1-4.el8.x86_64                                                                                                           ol8_baseos_latest                              752.2 kB
 platform-python-3.6.8-15.1.0.1.el8.x86_64                                                                                        ol8_baseos_latest                               82.8 kB
 platform-python-pip-9.0.3-15.el8.noarch                                                                                          ol8_baseos_latest                                1.9 MB
 platform-python-setuptools-39.2.0-5.el8.noarch                                                                                   ol8_baseos_latest                              646.0 kB
 python3-dnf-4.2.7-7.el8_1.noarch                                                                                                 ol8_baseos_latest                              518.0 kB
 python3-gpg-1.10.0-6.0.1.el8.x86_64                                                                                              ol8_baseos_latest                              234.4 kB
 python3-hawkey-0.35.1-9.0.1.el8_1.x86_64                                                                                         ol8_baseos_latest                               98.7 kB
 python3-libcomps-0.1.11-2.el8.x86_64                                                                                             ol8_baseos_latest                               53.6 kB
 python3-libdnf-0.35.1-9.0.1.el8_1.x86_64                                                                                         ol8_baseos_latest                              705.6 kB
 python3-libs-3.6.8-15.1.0.1.el8.x86_64                                                                                           ol8_baseos_latest                                8.2 MB
 python3-pip-wheel-9.0.3-15.el8.noarch                                                                                            ol8_baseos_latest                                1.2 MB
 python3-rpm-4.14.2-25.el8.x86_64                                                                                                 ol8_baseos_latest                              158.9 kB
 python3-setuptools-wheel-39.2.0-5.el8.noarch                                                                                     ol8_baseos_latest                              293.4 kB
 rpm-build-libs-4.14.2-25.el8.x86_64                                                                                              ol8_baseos_latest                              156.0 kB
 shadow-utils-2:4.6-8.el8.x86_64                                                                                                  ol8_baseos_latest                                1.3 MB
 systemd-239-18.0.2.el8_1.4.x86_64                                                                                                ol8_baseos_latest                                3.7 MB
 systemd-pam-239-18.0.2.el8_1.4.x86_64                                                                                            ol8_baseos_latest                              237.8 kB
 util-linux-2.32.1-17.el8.x86_64                                                                                                  ol8_baseos_latest                                2.6 MB
 yum-4.2.7-7.el8_1.noarch                                                                                                         ol8_baseos_latest                              185.2 kB
Transaction Summary:
 Installing:       50 packages
 Reinstalling:      0 packages
 Upgrading:         0 packages
 Removing:          0 packages
 Downgrading:       0 packages
Downloading packages...
Running transaction test...
Installing: libtirpc;1.1.4-4.el8;x86_64;ol8_baseos_latest
Installing: libnsl2;1.2.0-2.20180605git4a062cf.el8;x86_64;ol8_baseos_latest
Installing: python3-setuptools-wheel;39.2.0-5.el8;noarch;ol8_baseos_latest
Installing: file-libs;5.33-8.el8;x86_64;ol8_baseos_latest
Installing: ima-evm-utils;1.1-5.el8;x86_64;ol8_baseos_latest
Installing: gdbm-libs;1:1.18-1.el8;x86_64;ol8_baseos_latest
Installing: python3-pip-wheel;9.0.3-15.el8;noarch;ol8_baseos_latest
Installing: dbus-libs;1:1.12.8-9.0.1.el8;x86_64;ol8_baseos_latest
Installing: dbus-tools;1:1.12.8-9.0.1.el8;x86_64;ol8_baseos_latest
Installing: gdbm;1:1.18-1.el8;x86_64;ol8_baseos_latest
Installing: platform-python-setuptools;39.2.0-5.el8;noarch;ol8_baseos_latest
Installing: platform-python-pip;9.0.3-15.el8;noarch;ol8_baseos_latest
Installing: platform-python;3.6.8-15.1.0.1.el8;x86_64;ol8_baseos_latest
Installing: python3-libs;3.6.8-15.1.0.1.el8;x86_64;ol8_baseos_latest
Installing: python3-libdnf;0.35.1-9.0.1.el8_1;x86_64;ol8_baseos_latest
Installing: python3-hawkey;0.35.1-9.0.1.el8_1;x86_64;ol8_baseos_latest
Installing: python3-gpg;1.10.0-6.0.1.el8;x86_64;ol8_baseos_latest
Installing: libseccomp;2.4.1-1.el8;x86_64;ol8_baseos_latest
Installing: libsemanage;2.9-1.el8;x86_64;ol8_baseos_latest
Installing: shadow-utils;2:4.6-8.el8;x86_64;ol8_baseos_latest
Installing: libutempter;1.1.6-14.el8;x86_64;ol8_baseos_latest
Installing: libreport-filesystem;2.9.5-9.0.1.el8;x86_64;ol8_baseos_latest
Installing: dnf-data;4.2.7-7.el8_1;noarch;ol8_baseos_latest
Installing: dbus-common;1:1.12.8-9.0.1.el8;noarch;ol8_baseos_latest
Installing: dbus-daemon;1:1.12.8-9.0.1.el8;x86_64;ol8_baseos_latest
Installing: libfdisk;2.32.1-17.el8;x86_64;ol8_baseos_latest
Installing: gzip;1.9-9.el8;x86_64;ol8_baseos_latest
Installing: cracklib;2.9.6-15.el8;x86_64;ol8_baseos_latest
Installing: pam;1.3.1-4.el8;x86_64;ol8_baseos_latest
Installing: libpwquality;1.4.0-9.el8;x86_64;ol8_baseos_latest
Installing: util-linux;2.32.1-17.el8;x86_64;ol8_baseos_latest
Installing: libpcap;14:1.9.0-3.el8;x86_64;ol8_baseos_latest
Installing: iptables-libs;1.8.2-16.el8;x86_64;ol8_baseos_latest
Installing: libcomps;0.1.11-2.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: python3-libcomps;0.1.11-2.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: kmod-libs;25-13.0.1.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: acl;2.2.53-1.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: device-mapper;8:1.02.163-5.el8;x86_64;ol8_baseos_latest
Installing: device-mapper-libs;8:1.02.163-5.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: cryptsetup-libs;2.2.0-2.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: elfutils-default-yama-scope;0.176-5.el8;noarch;ol8_baseos_latest
Installing: (null)
Installing: elfutils-libs;0.176-5.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: systemd-pam;239-18.0.2.el8_1.4;x86_64;ol8_baseos_latest
Installing: (null)
Installing: systemd;239-18.0.2.el8_1.4;x86_64;ol8_baseos_latest
Installing: (null)
Installing: dbus;1:1.12.8-9.0.1.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: rpm-build-libs;4.14.2-25.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: python3-rpm;4.14.2-25.el8;x86_64;ol8_baseos_latest
Installing: (null)
Installing: python3-dnf;4.2.7-7.el8_1;noarch;ol8_baseos_latest
Installing: (null)
Installing: dnf;4.2.7-7.el8_1;noarch;ol8_baseos_latest
Installing: (null)
Installing: yum;4.2.7-7.el8_1;noarch;ol8_baseos_latest
Installing: (null)
Installing: (null)
Complete.
bash-4.4# yum install -y ${RPM_URL}
Oracle Linux 8 BaseOS Latest (x86_64)                                                                                                                    0.0  B/s |   0  B     00:00    
Failed to download metadata for repo 'ol8_baseos_latest'
Error: Failed to download metadata for repo 'ol8_baseos_latest'

Oracle container registry lag

Sorry if this is the wrong place to ask, but it seemed like the quickest way to reach knowledgeable people. :)

Is there some reason the Oracle Container Registry lags so far behind both Docker Hub and GitHub Container Registry for the oraclelinux:7 image? I'm not sure if its a bug in the upload, or if maybe the README here should mention they get published on a different schedule.

Trivy reporting numerous vulnerabilities in oraclelinux:8 (and -slim)

Hey,
When scanning the oraclelinux-8 images with trivy, a number of issues gets reported (as of now 48 for 8, 44 for 8-slim)
Do you know how to solve this?
Best regards,
Anton Oellerer

Can we apply the fixes for ELSA-2021-9528 and update the docker images?

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2021-9528
Info: https://snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-1769087
Introduced through: openssl-libs@1:1.0.2k-22.el7_9
From: openssl-libs@1:1.0.2k-22.el7_9
Fixed in: 10:1.0.2k-22.el7_9_fips

oraclelinux:6 fails on debian 10

docker run -ti oraclelinux:6
Fails on debian 10. On debian 9 works.
Thanks

README refers to microdnf and slim images

Ref. oracle/docker-images#2020 the use of the 8-slim base image and microdnf has been deprecated.

Readme should be updated to reflect this change.

oraclelinux:8.3 bug using gcov with preserve paths option

Calling gcov with the --preserve-paths arg, which preserves the pathnames in the output report file, causes odd behavior.

Here is a basic main:

#include <iostream>
int main() {
	std::cout << "Doing nothing :)\n";
	return 0;
}

And the command to compile it:
g++ -g -O2 --coverage my_main.cpp -o my_main

After running the executable, I call gcov with the following options:
gcov my_main.gcda --branch-counts --branch-probabilities --preserve-paths --object-directory .

Output:

>File 'my_main.cpp'
Lines executed:100.00% of 3
No branches
Calls executed:100.00% of 1
Creating '��ItU'
File '/usr/include/c++/8/iostream'
No executable lines
No branches
No calls
Removing ''

As can be seen, gcov generates a wrong output file (the expected file should be named "my_main.cpp.gcov"):

$ ls -l
-rw-r--r-- 1 root root   416 Dec 17 23:16 ''$'\240'

After analyzing it in more detail, it seems that the gcov binary has some kind of uninitialized variable when this option is activated:

$ valgrind --track-origins=yes --leak-check=full gcov my_main.gcda --branch-counts --branch-probabilities --preserve-paths --object-directory .
==54== Memcheck, a memory error detector
==54== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==54== Using Valgrind-3.16.0 and LibVEX; rerun with -h for copyright info
==54== Command: gcov my_main.gcda --branch-counts --branch-probabilities --preserve-paths --object-directory .
==54== 
File 'my_main.cpp'
Lines executed:100.00% of 3
No branches
Calls executed:100.00% of 1
==54== Syscall param openat(filename) points to uninitialised byte(s)
==54==    at 0x52AD572: open (in /usr/lib64/libc-2.28.so)
==54==    by 0x523D445: _IO_file_open (in /usr/lib64/libc-2.28.so)
==54==    by 0x523D5FC: _IO_file_fopen@@GLIBC_2.2.5 (in /usr/lib64/libc-2.28.so)
==54==    by 0x523152C: __fopen_internal (in /usr/lib64/libc-2.28.so)
==54==    by 0x16FC87: ??? (in /usr/bin/gcov)
==54==    by 0x156534: ??? (in /usr/bin/gcov)
==54==    by 0x51E37C2: (below main) (in /usr/lib64/libc-2.28.so)
==54==  Address 0x559e1e0 is 0 bytes inside a block of size 21 alloc'd
==54==    at 0x4C30F0B: malloc (vg_replace_malloc.c:307)
==54==    by 0x1682C1: ??? (in /usr/bin/gcov)
==54==    by 0x16FC0B: ??? (in /usr/bin/gcov)
==54==    by 0x156534: ??? (in /usr/bin/gcov)
==54==    by 0x51E37C2: (below main) (in /usr/lib64/libc-2.28.so)
==54==  Uninitialised value was created by a heap allocation
==54==    at 0x4C30F0B: malloc (vg_replace_malloc.c:307)
==54==    by 0x1682C1: ??? (in /usr/bin/gcov)
==54==    by 0x16FC0B: ??? (in /usr/bin/gcov)
==54==    by 0x156534: ??? (in /usr/bin/gcov)
==54==    by 0x51E37C2: (below main) (in /usr/lib64/libc-2.28.so)
==54== 
==54== Conditional jump or move depends on uninitialised value(s)
==54==    at 0x4C34329: strlen (vg_replace_strmem.c:459)
==54==    by 0x521253E: vfprintf (in /usr/lib64/libc-2.28.so)
==54==    by 0x521342D: buffered_vfprintf (in /usr/lib64/libc-2.28.so)
==54==    by 0x52108D1: vfprintf (in /usr/lib64/libc-2.28.so)
==54==    by 0x177DD9: ??? (in /usr/bin/gcov)
==54==    by 0x170AA3: ??? (in /usr/bin/gcov)
==54==    by 0x156534: ??? (in /usr/bin/gcov)
==54==    by 0x51E37C2: (below main) (in /usr/lib64/libc-2.28.so)
==54==  Uninitialised value was created by a heap allocation
==54==    at 0x4C30F0B: malloc (vg_replace_malloc.c:307)
==54==    by 0x1682C1: ??? (in /usr/bin/gcov)
==54==    by 0x16FC0B: ??? (in /usr/bin/gcov)
==54==    by 0x156534: ??? (in /usr/bin/gcov)
==54==    by 0x51E37C2: (below main) (in /usr/lib64/libc-2.28.so)
==54== 
Could not open output file ''

Expected:
We have tried the same steps with the same version of gcov ((GCC) 8.3.1 20191121 (Red Hat 8.3.1-5)), but with the binary provided by Centos8 and it works fine:

$ gcov my_main.gcda --branch-counts --branch-probabilities --preserve-paths --object-directory .
File 'my_main.cpp'
Lines executed:100.00% of 3
No branches
Calls executed:100.00% of 1
Creating 'my_main.cpp.gcov'

File '/usr/include/c++/8/iostream'
No executable lines
No branches
No calls
Removing '#usr#include#c++#8#iostream.gcov'

(Edited to fix the code formatting)

jfrog reports several medium and low vulnerabilities for oraclelinux:8-slim

The following report was generated by scanning oraclelinux:8-slim with jfrog and several of these are really old(2018,2019,2020)

Summary	CVEs	Severity	Type	Provider	Component	Infected Version	Edited	Component Versions Id	CVSS v2	CVSS v3	Cwe	Id	Is Source Root	Source Comp Id	Source Id
CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes	CVE-2022-23308	Medium	security	JFrog	8:libxml2	All Versions	2022-06-06T21:44:08Z	8:libxml2	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-416	XRAY-198750	false	rpm://8:libxml2:0:2.9.7-13.el8	rpm://8:libxml2
CVE-2021-31566 libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive	CVE-2021-31566	Medium	security	JFrog	8:libarchive	All Versions	2022-05-20T21:44:11Z	8:libarchive		4.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	CWE-59	XRAY-192332	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (moderate)	CVE-2020-21674	Medium	security	JFrog	8:libarchive	All Versions	2022-02-22T06:54:06Z	8:libarchive	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	CWE-787->CWE-122,CWE-787	XRAY-133961	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2022-1586 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c	CVE-2022-1586	Medium	security	JFrog	8:pcre2	All Versions	2022-05-27T21:44:24Z	8:pcre2	6.4/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P	7.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H	CWE-125	XRAY-209666	false	rpm://8:pcre2:0:10.32-2.el8	rpm://8:pcre2
CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)	CVE-2019-17543	Medium	security	JFrog	8:lz4-libs	All Versions	2022-02-22T06:55:21Z	8:lz4-libs	6.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P	8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-122,CWE-787	XRAY-134601	false	rpm://8:lz4-libs:0:1.8.3-3.el8_4	rpm://8:lz4-libs
CVE-2019-12904 Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)	CVE-2019-12904	Medium	security	JFrog	8:libgcrypt	All Versions	2022-02-22T06:56:02Z	8:libgcrypt	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N	5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	CWE-385,CWE-310	XRAY-133231	false	rpm://8:libgcrypt:0:1.8.5-6.el8	rpm://8:libgcrypt
CVE-2022-1434 openssl: Incorrect MAC key used in the RC4-MD5 ciphersuite (moderate)	CVE-2022-1434	Medium	security	JFrog	8:openssl-libs	All Versions	2022-05-25T21:44:24Z	8:openssl-libs	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N	5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	CWE-327	XRAY-210787	false	rpm://8:openssl-libs:1:1.1.1k-6.el8_5	rpm://8:openssl-libs
CVE-2019-1010022 glibc: stack guard protection bypass (moderate)	CVE-2019-1010022	Medium	security	JFrog	8:glibc-common	All Versions	2022-02-22T06:56:01Z	8:glibc-common	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-121->CWE-119->CWE-305,CWE-119	XRAY-133149	false	rpm://8:glibc-common:0:2.28-189.1.0.1.el8	rpm://8:glibc-common
CVE-2019-1010022 glibc: stack guard protection bypass (moderate)	CVE-2019-1010022	Medium	security	JFrog	8:glibc	All Versions	2022-02-22T06:56:01Z	8:glibc	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-121->CWE-119->CWE-305,CWE-119	XRAY-133149	false	rpm://8:glibc:0:2.28-189.1.0.1.el8	rpm://8:glibc
CVE-2021-3521 rpm: RPM does not require subkeys to have a valid binding signature	CVE-2021-3521	Medium	security	JFrog	8:rpm	All Versions	2022-05-20T21:44:10Z	8:rpm		4.4/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N	CWE-347	XRAY-185978	false	rpm://8:rpm:0:4.14.3-23.el8	rpm://8:rpm
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate)	CVE-2018-20839	Medium	security	JFrog	8:systemd-libs	All Versions	2022-02-22T06:55:28Z	8:systemd-libs	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N	6.4/CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H	CWE-200	XRAY-134751	false	rpm://8:systemd-libs:0:239-58.0.1.el8	rpm://8:systemd-libs
CVE-2019-1010022 glibc: stack guard protection bypass (moderate)	CVE-2019-1010022	Medium	security	JFrog	8:glibc-minimal-langpack	All Versions	2022-02-22T06:56:01Z	8:glibc-minimal-langpack	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-121->CWE-119->CWE-305,CWE-119	XRAY-133149	false	rpm://8:glibc-minimal-langpack:0:2.28-189.1.0.1.el8	rpm://8:glibc-minimal-langpack
CVE-2022-27776 curl: auth/cookie leak on redirect	CVE-2022-27776	Medium	security	JFrog	8:curl	All Versions	2022-06-16T21:44:45Z	8:curl	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N	4.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	CWE-522	XRAY-209155	false	rpm://8:curl:0:7.61.1-22.el8	rpm://8:curl
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)	CVE-2021-42694	Medium	security	JFrog	8:libgcc	All Versions	2022-02-22T07:03:20Z	8:libgcc	5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P	8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	CWE-838,CWE-94	XRAY-189600	false	rpm://8:libgcc:0:8.5.0-10.0.2.el8	rpm://8:libgcc
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)	CVE-2021-42694	Medium	security	JFrog	8:libstdc++	All Versions	2022-02-22T07:03:20Z	8:libstdc++	5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P	8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	CWE-838,CWE-94	XRAY-189600	false	rpm://8:libstdc++:0:8.5.0-10.0.2.el8	rpm://8:libstdc++
CVE-2022-29155 openldap: OpenLDAP SQL injection (moderate)	CVE-2022-29155	Medium	security	JFrog	8:openldap	All Versions	2022-05-20T21:44:17Z	8:openldap	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	6.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N	CWE-89	XRAY-209689	false	rpm://8:openldap:0:2.4.46-18.el8	rpm://8:openldap
CVE-2022-27782 curl: TLS and SSH connection too eager reuse	CVE-2022-27782	Medium	security	JFrog	8:curl	All Versions	2022-06-12T21:44:08Z	8:curl	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N	6.0/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L	CWE-287,CWE-295	XRAY-210045	false	rpm://8:curl:0:7.61.1-22.el8	rpm://8:curl
CVE-2022-1292 openssl: c_rehash script allows command injection (moderate)	CVE-2022-1292	Medium	security	JFrog	8:openssl-libs	All Versions	2022-06-12T21:44:08Z	8:openssl-libs	10.0/CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C	5.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	CWE-77,CWE-78	XRAY-209571	false	rpm://8:openssl-libs:1:1.1.1k-6.el8_5	rpm://8:openssl-libs
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate)	CVE-2017-14502	Medium	security	JFrog	8:libarchive	All Versions	2022-02-22T06:54:07Z	8:libarchive	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	CWE-193,CWE-125	XRAY-131952	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use	CVE-2022-22576	Medium	security	JFrog	8:curl	All Versions	2022-06-10T21:44:17Z	8:curl	5.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N	4.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N	CWE-287	XRAY-209153	false	rpm://8:curl:0:7.61.1-22.el8	rpm://8:curl
CVE-2022-29824 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (moderate)	CVE-2022-29824	Medium	security	JFrog	8:libxml2	All Versions	2022-05-20T21:44:17Z	8:libxml2	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	7.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H	CWE-190	XRAY-209696	false	rpm://8:libxml2:0:2.9.7-13.el8	rpm://8:libxml2
CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks	CVE-2021-35937	Medium	security	JFrog	8:rpm	All Versions	2022-05-20T21:44:11Z	8:rpm		6.3/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H	(CWE-59\|CWE-367)	XRAY-178848	false	rpm://8:rpm:0:4.14.3-23.el8	rpm://8:rpm
CVE-2022-27774 curl: credential leak on redirect	CVE-2022-27774	Medium	security	JFrog	8:curl	All Versions	2022-06-16T21:44:45Z	8:curl	3.5/CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N	5.0/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L	CWE-522	XRAY-209154	false	rpm://8:curl:0:7.61.1-22.el8	rpm://8:curl
CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation	CVE-2021-35938	Medium	security	JFrog	8:rpm	All Versions	2022-05-20T21:44:10Z	8:rpm		6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	CWE-59	XRAY-178847	false	rpm://8:rpm:0:4.14.3-23.el8	rpm://8:rpm
CVE-2021-40528 libgcrypt: ElGamal implementation allows plaintext recovery	CVE-2021-40528	Medium	security	JFrog	8:libgcrypt	All Versions	2022-02-22T07:03:18Z	8:libgcrypt	2.6/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N	5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	CWE-327	XRAY-188668	false	rpm://8:libgcrypt:0:1.8.5-6.el8	rpm://8:libgcrypt
CVE-2021-23177 libarchive: extracting a symlink with ACLs modifies ACLs of target	CVE-2021-23177	Medium	security	JFrog	8:libarchive	All Versions	2022-05-20T21:44:11Z	8:libarchive		6.6/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L	CWE-59	XRAY-192333	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories	CVE-2021-35939	Medium	security	JFrog	8:rpm	All Versions	2022-05-20T21:44:11Z	8:rpm		6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	CWE-59	XRAY-178849	false	rpm://8:rpm:0:4.14.3-23.el8	rpm://8:rpm
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)	CVE-2018-1000880	Low	security	JFrog	8:libarchive	All Versions	2022-02-22T06:55:28Z	8:libarchive	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-20,CWE-119	XRAY-134705	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)	CVE-2018-19211	Low	security	JFrog	8:ncurses-libs	All Versions	2022-02-22T06:55:29Z	8:ncurses-libs	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	CWE-119,CWE-476	XRAY-132928	false	rpm://8:ncurses-libs:0:6.1-9.20180224.el8	rpm://8:ncurses-libs
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)	CVE-2018-19211	Low	security	JFrog	8:ncurses-base	All Versions	2022-02-22T06:55:29Z	8:ncurses-base	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	CWE-119,CWE-476	XRAY-132928	false	rpm://8:ncurses-base:0:6.1-9.20180224.el8	rpm://8:ncurses-base
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)	CVE-2018-19217	Low	security	JFrog	8:ncurses-libs	All Versions	2022-06-10T21:44:09Z	8:ncurses-libs	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	CWE-119,CWE-476	XRAY-132932	false	rpm://8:ncurses-libs:0:6.1-9.20180224.el8	rpm://8:ncurses-libs
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)	CVE-2018-19217	Low	security	JFrog	8:ncurses-base	All Versions	2022-06-10T21:44:09Z	8:ncurses-base	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	CWE-119,CWE-476	XRAY-132932	false	rpm://8:ncurses-base:0:6.1-9.20180224.el8	rpm://8:ncurses-base
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low)	CVE-2017-14166	Low	security	JFrog	8:libarchive	All Versions	2022-02-22T06:55:25Z	8:libarchive	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-122,CWE-125	XRAY-131928	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)	CVE-2019-9936	Low	security	JFrog	8:sqlite-libs	All Versions	2022-06-10T21:44:09Z	8:sqlite-libs	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N	3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	CWE-122,CWE-125	XRAY-134833	false	rpm://8:sqlite-libs:0:3.26.0-15.el8	rpm://8:sqlite-libs
CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function	CVE-2021-44568	Low	security	JFrog	8:libsolv	All Versions	2022-05-20T21:44:16Z	8:libsolv	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	6.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H	CWE-125,CWE-787	XRAY-199742	false	rpm://8:libsolv:0:0.7.20-1.el8	rpm://8:libsolv
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)	CVE-2019-8906	Low	security	JFrog	8:file-libs	All Versions	2022-02-22T06:55:25Z	8:file-libs	3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P	5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L	CWE-125	XRAY-134829	false	rpm://8:file-libs:0:5.33-20.el8	rpm://8:file-libs
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)	CVE-2018-1000654	Low	security	JFrog	8:libtasn1	All Versions	2022-02-22T06:55:16Z	8:libtasn1	7.1/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C	4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	CWE-20->CWE-400,NVD-CWE-noinfo	XRAY-132660	false	rpm://8:libtasn1:0:4.13-3.el8	rpm://8:libtasn1
CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE	CVE-2021-4209	Low	security	JFrog	8:gnutls	All Versions	2022-05-20T21:44:11Z	8:gnutls		6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	CWE-476	XRAY-198315	false	rpm://8:gnutls:0:3.6.16-4.el8	rpm://8:gnutls
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low)	CVE-2017-14501	Low	security	JFrog	8:libarchive	All Versions	2022-02-22T06:56:10Z	8:libarchive	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-125	XRAY-131951	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)	CVE-2019-12900	Low	security	JFrog	8:bzip2-libs	All Versions	2022-06-10T21:44:08Z	8:bzip2-libs	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	CWE-787	XRAY-133230	false	rpm://8:bzip2-libs:0:1.0.6-26.el8	rpm://8:bzip2-libs
CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c (low)	CVE-2018-16428	Low	security	JFrog	8:glib2	All Versions	2022-02-22T06:55:21Z	8:glib2	7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P	9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	CWE-119,CWE-476	XRAY-132844	false	rpm://8:glib2:0:2.56.4-158.el8	rpm://8:glib2
CVE-2021-45346 sqlite: crafted SQL query allows a malicious user to obtain sensitive information (low)	CVE-2021-45346	Low	security	JFrog	8:sqlite-libs	All Versions	2022-05-01T21:44:13Z	8:sqlite-libs	4.0/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N	3.1/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	CWE-401->CWE-200,CWE-401	XRAY-209065	false	rpm://8:sqlite-libs:0:3.26.0-15.el8	rpm://8:sqlite-libs
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)	CVE-2018-20657	Low	security	JFrog	8:libstdc++	All Versions	2022-02-22T06:55:41Z	8:libstdc++	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-400,CWE-772	XRAY-132991	false	rpm://8:libstdc++:0:8.5.0-10.0.2.el8	rpm://8:libstdc++
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)	CVE-2018-20657	Low	security	JFrog	8:libgcc	All Versions	2022-02-22T06:55:41Z	8:libgcc	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-400,CWE-772	XRAY-132991	false	rpm://8:libgcc:0:8.5.0-10.0.2.el8	rpm://8:libgcc
CVE-2021-43618 gmp: Integer overflow and resultant buffer overflow via crafted input (low)	CVE-2021-43618	Low	security	JFrog	8:gmp	All Versions	2022-05-20T21:44:11Z	8:gmp	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	4.0/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	CWE-190	XRAY-191006	false	rpm://8:gmp:1:6.1.2-10.el8	rpm://8:gmp
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)	CVE-2019-14250	Low	security	JFrog	8:libstdc++	All Versions	2022-02-22T06:56:11Z	8:libstdc++	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-20->CWE-190->CWE-125,CWE-787,CWE-190	XRAY-133283	false	rpm://8:libstdc++:0:8.5.0-10.0.2.el8	rpm://8:libstdc++
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)	CVE-2018-1000879	Low	security	JFrog	8:libarchive	All Versions	2022-02-22T06:55:25Z	8:libarchive	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-476	XRAY-134704	false	rpm://8:libarchive:0:3.3.3-3.el8_5	rpm://8:libarchive
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)	CVE-2019-9937	Low	security	JFrog	8:sqlite-libs	All Versions	2022-06-10T21:44:09Z	8:sqlite-libs	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	CWE-476	XRAY-134834	false	rpm://8:sqlite-libs:0:3.26.0-15.el8	rpm://8:sqlite-libs
CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)	CVE-2019-19244	Low	security	JFrog	8:sqlite-libs	All Versions	2022-02-22T06:56:18Z	8:sqlite-libs	5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P	7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	CWE-20,NVD-CWE-noinfo	XRAY-133415	false	rpm://8:sqlite-libs:0:3.26.0-15.el8	rpm://8:sqlite-libs
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)	CVE-2019-8905	Low	security	JFrog	8:file-libs	All Versions	2022-02-22T06:55:25Z	8:file-libs	3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P	5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L	CWE-125	XRAY-134828	false	rpm://8:file-libs:0:5.33-20.el8	rpm://8:file-libs
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)	CVE-2019-14250	Low	security	JFrog	8:libgcc	All Versions	2022-02-22T06:56:11Z	8:libgcc	4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P	3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	CWE-20->CWE-190->CWE-125,CWE-787,CWE-190	XRAY-133283	false	rpm://8:libgcc:0:8.5.0-10.0.2.el8	rpm://8:libgcc

how can i get oraclelinux-7.5-rootfs.tar.xz

When will fixes be available for ELSA-2021-9344 ?

Missing X-slim-latest tag

I think the tagging of the slim-images should be done in another way.

The way it is set up today, it is not possible to pull a previous version 7 slim-image, for instance version 7.5-slim. It is just 7-slim, which is actually just a slim latest version.

It should be this way:
7-slim-latest (the latest version in slim-form, what is tagged as 7-slim today)
7.5-slim
7.4-slim
etc.

Read about Docker and the :latest anti-pattern here: http://blog.benhall.me.uk/2015/01/dockerfile-latest-tag-anti-pattern/

Fix docker pull information on the Docker Hub

The Docker Hub page for Oracle Linux guides the user to issue this command: docker pull oraclelinux without any tag. This is interpreted by docker cli as using the latest tag, which does not exist as mentioned lower in the README.

Yet, when using the suggested command, the user gets the error output below:

❯ docker pull oraclelinux
Using default tag: latest
Error response from daemon: manifest for oraclelinux:latest not found: manifest unknown: manifest unknown

It would be a better user experience if the first command a user execute do not fail. I would prefer to get an opinionated suggestion to use oraclelinux:8 for example and look at existing tags later if this doesn't work for my particular requirements, rather than having to enter troubleshooting mode right at the beginning.

build process

Greetings,

Where can we see how these images are built: scripts, kickstart, ...

Slim builds should include their base version

Full builds have 6.10 etc... but slim builds don't include a full version number, should we just assume they're the latest of the whole version?

oraclelinux/manifests/7-slim broken

I got error when run:
./buildContainerImage.sh -e -v 19.3.0 -t oracle19c:1.0.0 -o '--build-arg SLIMMING=false'

Error:
` => ERROR [internal] load metadata for docker.io/library/oraclelinux:7-sl 30.0s

[internal] load metadata for docker.io/library/oraclelinux:7-slim:

Dockerfile:23

21 | # Pull base image
22 | # ---------------
23 | >>> FROM oraclelinux:7-slim as base
24 |
25 | # Labels

ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: oraclelinux:7-slim: failed to do request: Head "https://registry-1.docker.io/v2/library/oraclelinux/manifests/7-slim":

ERROR: Oracle Database container image was NOT successfully created.
ERROR: Check the output and correct any reported problems with the build operation.`

Cannot install packages on oraclelinux:8(-slim)

I'm trying to install unzip and can't get (micro)dnf working:

docker run -it --entrypoint sh oraclelinux:8
sh-4.4# dnf install unzip
Oracle Linux 8 BaseOS Latest (x86_64)                                                                                           0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'ol8_baseos_latest':
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
Error: Failed to download metadata for repo 'ol8_baseos_latest': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

docker run -it --entrypoint sh oraclelinux:8-slim
sh-4.4# microdnf install unzip
Downloading metadata...
error: cannot update repo 'ol8_baseos_latest': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]

I can access https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/repodata/repomd.xml with no problem

please upload 8.4 image to the Docker Hub

Hello! If I start an oraclelinux:8 container and dnf install cmake, cmake does not work, because it needs the libarchive version from 8.4, but the image is still 8.3. dnf upgrade, of course, fixes that, but it was puzzling me for a while.

Can you please put an 8.4 image on dockerhub? As a nice side effect, this will save users some disk space because dnf upgrade doesn't have to fill a layer with all the things that are new in 8.4.

stable tags of slim variants not available

7-slim etc are constantly rewritten - there are no 7.7-slim versions with venerable ages like there are for the plain 7.7 etc variants that go right back and are untouched - this means we cannot get a stable build without producing in house 7-slim-DATE tags many of which will be identical to each other since we can't know when a new one comes except through manual inspection.

Similarly the Dockerfile has no history, just a single commit 8 days ago in line with the timing of the tags themselves. I speculate that you're committing binaries to the repo and want to keep it slim-ish by force pushing on the regular or something? Not a pleasant architecture to consume or work with overall.

oraclelinux:8 missing libsystemd-shared-239.so

hello,

libsystemd-shared-239.so seems to be missing from oraclelinux:8 image, so most systemd commands are failing:

[root@ce975cbaebf1 /]# systemctl status
systemctl: error while loading shared libraries: libsystemd-shared-239.so: cannot open shared object file: No such file or directory
[root@ce975cbaebf1 bin]# rpm -ql systemd | grep libsystemd
/usr/lib/systemd/libsystemd-shared-239.so
[root@ce975cbaebf1 bin]# ls -l /usr/lib/systemd/libsystemd-shared-239.so
ls: cannot access '/usr/lib/systemd/libsystemd-shared-239.so': No such file or directory

thanks
-taj

Package manager missing on 8-slim and 9-slim

Neither dnf or yum are installed on 8-slim or 9-slim.

Error pulling image oraclelinux:7.4

Previously we were able to pull oraclelinux:7.4 image, but now the image pull fails with the following error:
no matching manifest for linux/amd64 in the manifest list entries.

Naming difference

Why suddenly from Oracle Linux 7.8 is named as 7, not like other images? are you going to follow the same ?

Until 7.7 the image file name is oraclelinux-7.7-rootfs.tar.xz but now after 7.8 its oraclelinux-7-amd64-rootfs.tar.xz why ?

7-slim/oraclelinux-7-slim-amd64-rootfs.tar.xz
7.0/oraclelinux-7.0.tar.xz
7.1/oraclelinux-7.1.tar.xz
7.2/oraclelinux-7.2-rootfs.tar.xz
7.3/oraclelinux-7.3-rootfs.tar.xz
7.4/oraclelinux-7.4-rootfs.tar.xz
7.5/oraclelinux-7.5-rootfs.tar.xz
7.6/oraclelinux-7.6-rootfs.tar.xz
7.7/oraclelinux-7.7-rootfs.tar.xz
7.8/oraclelinux-7-amd64-rootfs.tar.xz

same for 8 too

8-slim/oraclelinux-8-slim-amd64-rootfs.tar.xz
8.0/oraclelinux-8.0-rootfs.tar.xz
8.1/oraclelinux-8.1-rootfs.tar.xz
8.2/oraclelinux-8-amd64-rootfs.tar.xz

Docker Hub README content for official Oraclelinux image needs updating

https://hub.docker.com/_/oraclelinux lacks content on oraclelinux:8-slim's use of microdnf and still mentions Oracle Linux 6 as a supported platform.

oraclelinux:8 /usr/share/zoneinfo doesn't exists

tzdata is installed, but /usr/share/zoneinfo doesn't exists.

"dnf reinstall -y tzdata" inside the container creates /usr/share/zoneinfo

Apply ELSA-2022-4796, ELSA-2022-4799 to oraclelinux:8

Please apply the below patches to oraclelinux:8 image:

ELSA-2022-4796
ELSA-2022-4799

problem with repodata in OL8/baseos/latest for package libnghttp2-1.33.0-5.el8_9.x86_64.rpm

yum update reports:
[MIRROR] libnghttp2-1.33.0-5.el8_9.x86_64.rpm: Interrupted by header callback: Server reports Content-Length: 78564 but expected size is: 78568

according to https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/repodata/695c622bcbc48edddc27b332c92d74f1e1c9e79b-primary.xml.gz

<package type="rpm">
  <name>libnghttp2</name>
  <arch>x86_64</arch>
  <version epoch="0" ver="1.33.0" rel="5.el8_9"/>
  <checksum type="sha1" pkgid="YES">f13e3b74af8610eacb339405194c2b9d7092061f</checksum>
  <summary>A library implementing the HTTP/2 protocol</summary>
  <description>libnghttp2 is a library implementing the Hypertext Transfer Protocol
version 2 (HTTP/2) protocol in C.</description>
  <packager></packager>
  <url>https://nghttp2.org/</url>
  <time file="1700531774" build="1700531467"/>
  <size package="78568" installed="168244" archive="169456"/>
  <location href="getPackage/libnghttp2-1.33.0-5.el8_9.x86_64.rpm"/>
  <format>
    <rpm:license>MIT</rpm:license>
    <rpm:vendor>Oracle America</rpm:vendor>
    <rpm:group>Development/Libraries</rpm:group>
    <rpm:buildhost>build-ol8-x86_64.oracle.com</rpm:buildhost>
    <rpm:sourcerpm>nghttp2-1.33.0-5.el8_9.src.rpm</rpm:sourcerpm>
    <rpm:header-range start="4504" end="13616"/>
    <rpm:provides>
      <rpm:entry name="libnghttp2" flags="EQ" epoch="0" ver="1.33.0" rel="5.el8_9"/>
      <rpm:entry name="libnghttp2(x86-64)" flags="EQ" epoch="0" ver="1.33.0" rel="5.el8_9"/>
      <rpm:entry name="libnghttp2.so.14()(64bit)"/>
    </rpm:provides>
    <rpm:requires>
      <rpm:entry name="rtld(GNU_HASH)"/>
      <rpm:entry name="libc.so.6(GLIBC_2.17)(64bit)"/>
    </rpm:requires>
  </format>
</package>

stat libnghttp2-1.33.0-5.el8_9.x86_64.rpm
File: libnghttp2-1.33.0-5.el8_9.x86_64.rpm
Size: 78564 Blocks: 160 IO Block: 4096 regular file

How to install en_US.UTF-8 locale for oraclelinux:7-slim image?

Couldn't figure it out (no localectl, etc.). Any hint appreciated.

I found an earlier issue for the same in 8-slim image, but the resolution suggested there (#20)
is not working on 7-slim.

How to install en_US.UTF-8 locale for oraclelinux:8-slim image?

Couldn't figure it out (no localectl, etc.). Any hint appreciated.

OracleLinux:7 image having high vulnerabilities with openssl-libs as per Snyk

I'm using oraclelinux:7 as my base image, but still, it has a few high vulnerabilities. Could you please suggest getting the updated openssl-libs with oraclelinux:7 ? Or where can we download the OpenSSL-libs library with the patch?

✗ Medium severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2602940
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-23.ksplice1.el7_9

✗ Medium severity vulnerability found in openssl-libs
Description: ELSA-2017-3518
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606539
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-60.ksplice1.el7_3.1

✗ Medium severity vulnerability found in openssl-libs
Description: ELSA-2019-4754
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606752
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-19.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: Cryptographic Issues
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505233
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505373
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505618
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505658
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Numeric Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507388
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507411
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507587
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507608
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508032
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508213
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Numeric Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508299
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2509593
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510037
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510043
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510123
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510229
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2588958
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2590607
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2605530
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 10:1.0.2k-25.el7_9_fips

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2016-3523
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606481
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.4

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4077
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606565
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-12.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4267
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606614
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4253
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606634
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-12.0.3.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2019-4581
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606653
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7_6.1

Package manager: rpm
Platform: linux/amd64
Base image: oraclelinux:7.9

Thanks
Manoj

Could not reach any registry endpoint

I'm trying to pull any of the oraclelinux images and am getting 'Could not reach any registry endpoint' errors.

[root@SERVER123 ~]# docker pull oraclelinux:6-slim
6-slim: Pulling from oraclelinux
3690474eb5b4: Download complete
cd4582e8e027: Pulling fs layer
cd4582e8e027: Downloading 2.653 MB/43.75 MB
Pulling repository oraclelinux
FATA[0001] Could not reach any registry endpoint

yum introduces broken repo when used in OCI

Using the oraclelinux:7-slim (93c6055c3338) image in OCI (Oracle Cloud) and calling yum update -y twice results in a 404 error:
http://yum.oracle.com/repo/OracleLinux/OL7/oci/included/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
After updating the first time there is an enabled ol7_ociyum_config repo that points to a non-existent URL which causes the subsequent yum update to fail.
This only occurs inside OCI.
To reproduce:

Create VM in OCI and install docker-engine
docker run -it --rm --name foobar oraclelinux:7-slim /bin/bash
call yum update -y twice

oracle linux 8-slim doesn't have 'find' command

I found that the latest slim image doesn't have find command installed in it.
How would I install it myself?

I tried microdnf install find but that says find is not found. How can I install it?

oraclelinux:8-slim does not include yum

Hi,
I've seen on oraclelinux-8-slim-rootfs.tar that yum package is not included anymore, ¿is this correct? Tested with this Dockerfile:

FROM oraclelinux:8-slim
RUN rpm -q yum

With this result:

Sending build context to Docker daemon 25.09kB Step 1/2 : FROM oraclelinux:8-slim ---> 73f821d86dfb Step 2/2 : RUN rpm -q yum ---> Running in 7168eeda66eb package yum is not installed The command '/bin/sh -c rpm -q yum' returned a non-zero code: 1

Thanks!

Add difference between slim and non-slim images to readme.

Currently it is not clear from the readme what the difference is between the slim and non-slim images. When should either be used? What does the slim image lack that the normal image has?

Add `latest` tag

Currently, there is no latest tag. Because of this, running docker|podman pull docker.io/library/oraclelinux fails. You can work around this issue by specifying a tag (i.e. docker|podman pull docker.io/library/oraclelinux:8 ). However, I believe the latest tag should be added as an alias to the latest available version (currently 8.4), so this image works like the other images on Docker Hub.

Screenshot from Docker Hub:

(This doesn't work because there is no latest tag)

Oraclelinux is missing tag latest

The latest tag defaults to the latest image.

It is a standard and offered by all major distributions such as ubuntu
https://registry.hub.docker.com/_/ubuntu?tab=tags

However it is missing here;
https://registry.hub.docker.com/_/oraclelinux/?tab=tags

There is at least one complaint on dockerhub reviews due to this, as when people do a simple default docker command
"docker run oraclelinux"

It doesn't work as this command ultimately defaults to "docker run oraclelinux:latest"

I admit when I did the default command I suspected the distribution was broken, as I am yet to see a Linux distribution that doesn't offer latest.

Could this be fixed please otherwise other people will ultimately find this frustrating and probably end up leaving negative reviews.

slim-7 image broken

Receiving this message when trying to pull oraclelinux:7-slim

Error response from daemon: manifest for oraclelinux:slim-7 not found

Could not resolve host: yum$ociregion.oracle.com

Installing new packages (here example: openssl) via microdnf fails with Could not resolve host: yum$ociregion.oracle.com when doing: microdnf update && microdnf install openssl

Installation of packages works fine when I just use: microdnf install openssl

How to test failure:

$ docker run -it --rm oraclelinux:8-slim bash
$ microdnf update && microdnf install openssl

In the update log I can see this entry:

...
Updating: oraclelinux-release-el8;1.0-14.el8;x86_64;ol8_baseos_latest
/var/tmp/rpm-tmp.hpfrdH: line 4: /etc/yum/vars/ociregion: No such file or directory
...

Expected:

installing packages is possible after a microdnf update

Public Key error installing kubctl using oraclelinux:8-slim as a basic image

Using kubernetes.repo as follows:
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

Then run "microdnf install -y kubectl", I got an error "failed to parse public key for /var/cache/yum/metadata/kubernetes-8-x86_64/yum-key.gpg"

Any idea how to fix this problem? Thanks in advance,
Yi

Oracle linux 6.10, Docker port mapping fails

Hi,
Im strugling with weblogic 12.2.1.3 server on docker. I cant do "- p 8001:7001" with docker run. Do u anyone know how to make oracle linux image ready for port mapping or is there a dedicated one with no firewall etc. Can anyone tell me what to disable to make port mapping work with docker and oracle linux image?
Kind
Regards
Elias

oraclelinux:8-slim is not slim

The oraclelinux:8-slim image is ~4 times the size of oraclelinux:7-slim

oraclelinux                                                                              8-slim              8925aeb0d472        17 hours ago        530MB
oraclelinux                                                                              7-slim              d94f4e9e5c13        4 weeks ago         118MB

A large part of this seems to come from the inclusion of ~270M of locale data which I would assume is not needed by most docker users by default

du -chs usr/lib/locale usr/share/locale
210M    usr/lib/locale
60M     usr/share/locale
269M    total

There are also other "databases" included which seem unecessary such as cracklib

I'm also trying to build an image for the M1 Mac, using the `arm64v8/oraclelinux:7-slim` base image. I get the following error:

I'm also trying to build an image for the M1 Mac, using the arm64v8/oraclelinux:7-slim base image. I get the following error:

Building image 'oracle/database:19.3.0-arm64v8-' ...
[+] Building 1.6s (9/13)                                                                                                                                                                                       
 => [internal] load build definition from Dockerfile                                                                                                                                                      0.0s
 => => transferring dockerfile: 3.50kB                                                                                                                                                                    0.0s
 => [internal] load .dockerignore                                                                                                                                                                         0.0s
 => => transferring context: 2B                                                                                                                                                                           0.0s
 => [internal] load metadata for docker.io/arm64v8/oraclelinux:7-slim                                                                                                                                     1.5s
 => CANCELED [base 1/4] FROM docker.io/arm64v8/oraclelinux:7-slim@sha256:dfaa80b27e8d90d5931b21728c1316c4da41aeb103b9bcb1a46fdcffd7f151e5                                                                 0.0s
 => => resolve docker.io/arm64v8/oraclelinux:7-slim@sha256:dfaa80b27e8d90d5931b21728c1316c4da41aeb103b9bcb1a46fdcffd7f151e5                                                                               0.0s
 => => sha256:dfaa80b27e8d90d5931b21728c1316c4da41aeb103b9bcb1a46fdcffd7f151e5 529B / 529B                                                                                                                0.0s
 => => sha256:b59907748847d318313a0d01f1d77e89df3c42f453d8a111ac345660b764d60b 1.49kB / 1.49kB                                                                                                            0.0s
 => [internal] load build context                                                                                                                                                                         0.0s
 => => transferring context: 375B                                                                                                                                                                         0.0s
 => CACHED [base 2/4] COPY setupLinuxEnv.sh checkSpace.sh /opt/install/                                                                                                                                   0.0s
 => CACHED [base 3/4] COPY runOracle.sh startDB.sh createDB.sh dbca.rsp.tmpl setPassword.sh checkDBStatus.sh runUserScripts.sh /opt/oracle/                                                               0.0s
 => CACHED [base 4/4] RUN chmod ug+x /opt/install/*.sh &&     sync &&     /opt/install/checkSpace.sh &&     /opt/install/setupLinuxEnv.sh &&     rm -rf /opt/install                                      0.0s
 => ERROR [builder 1/2] COPY --chown=oracle:dba LINUX.X64_193000_db_home.zip db_inst.rsp installDBBinaries.sh /opt/install/                                                                               0.0s
------
 > [builder 1/2] COPY --chown=oracle:dba LINUX.X64_193000_db_home.zip db_inst.rsp installDBBinaries.sh /opt/install/:
------
failed to compute cache key: "/LINUX.X64_193000_db_home.zip" not found: not found

Should I use another name for the /LINUX.X64_193000_db_home.zip file?

Originally posted by @perspilling in #37 (reply in thread)

Yum commands fail

Any yum install and yum update command fail with the following error:

Errors during downloading metadata for repository 'ol9_baseos_latest':
  - Curl error (6): Couldn't resolve host name for https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/repodata/repomd.xml [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'ol9_baseos_latest': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

error from docker build

=> ERROR [1/1] ADD oraclelinux-8-slim-arm64v8-rootfs.tar.xz / 0.0s

[1/1] ADD oraclelinux-8-slim-arm64v8-rootfs.tar.xz /:

failed to compute cache key: "/oraclelinux-8-slim-arm64v8-rootfs.tar.xz" not found: not found

After my holuser lab vm applied a kernel patch to 4.1.12-124.48.3.1, because the kernel headers were missing the VM was not functional.

This VM had the docker feature. I can't believe this patch was sent out without testing. It is an obvious error to not include the kernel headers, and I could not find them on the web anywhere. Fortunately I was able to get my most valuable data off the VM before it went kaput.