Closed danjoneslf closed 3 years ago
I presume we can't get the version of amazonlinux that fixes the last issue because we are already using latest tag?
a525bda89342 (amazon 2 (Karoo))
===============================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+----------+------------------+----------+-------------------+-----------------+---------------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION  |                 TITLE                 |
+----------+------------------+----------+-------------------+-----------------+---------------------------------------+
| openldap | CVE-2020-25692   | MEDIUM   | 2.4.44-22.amzn2   | 2.4.44-23.amzn2 | openldap: NULL pointer dereference    |
|          |                  |          |                   |                 | for unauthenticated packet in slapd   |
|          |                  |          |                   |                 | -->avd.aquasec.com/nvd/cve-2020-25692 |
+----------+------------------+----------+-------------------+-----------------+---------------------------------------+
usr/local/bin/trivy
===================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
I presume we can't get the version of amazonlinux that fixes the last issue because we are already using latest tag?
We could probably figure out a way to fix the last one by doing something like what we did with http-api-resource, but given we don't actually currently use the container in cyber and VPS no longer use it, I think it probably doesn't justify the extra effort.
This fixes the majority of the known vulnerabilities.