KEINOS / Dockerfile_of_SQLite3

Latest SQLite3 on Alpine Docker image. (AMD64/Intel, Arm64, Arm6, Arm7)
MIT License

Medium severity vulnerability found in openssl/libcrypto3 #38

Closed KEINOS closed 1 year ago

KEINOS commented 1 year ago

As of v3.41.2, the latest image contains a security vulnerability, though not a critical one.

PR https://github.com/KEINOS/Dockerfile_of_SQLite3/pull/37 may fix this problem. It bumps Alpine from v3.17.3 to v3.18.0.

$ snyk container test keinos/sqlite3:latest

Testing keinos/sqlite3:latest...

✗ Medium severity vulnerability found in openssl/libcrypto3
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5438697
  Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29
  From: openssl/libcrypto3@3.0.8-r3
  From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3
  From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3
  and 4 more...
  Fixed in: 3.0.8-r4

Organization:      keinos
Package manager:   apk
Project name:      docker-image|keinos/sqlite3
Docker image:      keinos/sqlite3:latest
Platform:          linux/amd64
Base image:        alpine:3.17.3
Licenses:          enabled

Tested 15 dependencies for known issues, found 1 issue.

Base Image     Vulnerabilities  Severity
alpine:3.17.3  1                0 critical, 0 high, 1 medium, 0 low

Recommendations for base image upgrade:

Minor upgrades
Base Image  Vulnerabilities  Severity
alpine:3    0                0 critical, 0 high, 0 medium, 0 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

KEINOS commented 1 year ago

Fixed in v3.41.2.

$ snyk container test keinos/sqlite3:3.41.2

Testing keinos/sqlite3:3.41.2...

Organization:      keinos
Package manager:   apk
Project name:      docker-image|keinos/sqlite3
Docker image:      keinos/sqlite3:3.41.2
Platform:          linux/amd64
Base image:        alpine:3.18.0
Licenses:          enabled

✔ Tested 15 dependencies for known issues, no vulnerable paths found.

According to our scan, you are currently using the most secure version of the selected base image

$ snyk container test keinos/sqlite3:latest

Testing keinos/sqlite3:latest...

Organization:      keinos
Package manager:   apk
Project name:      docker-image|keinos/sqlite3
Docker image:      keinos/sqlite3:latest
Platform:          linux/amd64
Base image:        alpine:3.18.0
Licenses:          enabled

✔ Tested 15 dependencies for known issues, no vulnerable paths found.

According to our scan, you are currently using the most secure version of the selected base image