Images contain out-of-date packages

[mr-cal]

What needs to get done

Possible solutions:

• Call apt upgrade or apt dist-upgrade when setting up base images
• Request new images regularly or in an automated fashion
• Use the daily images

We may need a similar to solution for the devel image in multipass: https://github.com/canonical/multipass/blob/d1371f2d313c32bd711a11fecd1e726360a87243/src/daemon/custom_image_host.cpp#L131

Why it needs to get done

Compared to launchpad builds, Snapcraft builds packages with outdated packages.

Snapcraft uses buildd release images that are only created per the request of the Multipass or Starcraft teams.

For example, the jammy buildd image was created on 2022-08-30. It comes with openssl 3.0.2-0ubuntu1. The latest version available for jammy is 3.0.2-0ubuntu1.15 and contains patches for over a dozen CVEs.

Source: @simondeziel via https://chat.canonical.com/canonical/pl/syj53kqpjfbg3b1xn9z8u1gtja

[syncronize-issues-to-jira[bot]]

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/CRAFT-2905.

This message was autogenerated

[sergiusens]

We should dist-upgrade at image setup time