[Bug]: eclipse-temurin:17.0.10_7-jre uses ubuntu 22.04 which has several vulnerabilities

adoptium / containers

Repo containing the dockerfiles and scripts to produce the official eclipse-temurin containers.

https://hub.docker.com/_/eclipse-temurin/

Apache License 2.0

216 stars 93 forks source link

[Bug]: eclipse-temurin:17.0.10_7-jre uses ubuntu 22.04 which has several vulnerabilities #503

Closed sy185109 closed 7 months ago

sy185109 commented 7 months ago

Please add the exact image (with tag) that you are using

eclipse-temurin:17.0.10_7-jre

Please add the version of Docker you are running

Docker version 24.0.5, build ced0996

What happened?

Mentioned docker image is using ubuntu 22.04 base image which has several vulnerabilities reported.

CVE-2021-31879 CVE-2022-47695 CVE-2022-48063 CVE-2022-48065 CVE-2016-2781 CVE-2022-27943 CVE-2022-3715 CVE-2017-13716 CVE-2019-1010204 CVE-2022-48064 CVE-2018-20657

Relevant log output

No response

sy185109 commented 7 months ago

Suggested Vendor Fix - Upgrade operating system to ubuntu version 23.04

karianna commented 7 months ago

@sy185109 This is for DockerHub to update as they control the base OS image. Please raise an issue there. Note, they'll not move to 23.04 as that is not an LTS release.