docker-library / openjdk

Docker Official Image packaging for EA builds of OpenJDK from Oracle
http://openjdk.java.net
MIT License

openssl vulnerability issue for openjdk:11-jre-slim #454

Closed zakaria-a-ahmed closed 3 years ago

zakaria-a-ahmed commented 3 years ago

I am facing an openssl issue on openjdk:11-jre-slim. I looked around for updates, and the other ones I found also seem to have the older openssl version included, for example openjdk:11.0.11-9-jre-slim.

More details here: CVE-2021-23840 warning https://security-tracker.debian.org/tracker/CVE-2021-23840

Is there any comparable base image I can use for Java 11, preferably a slim version?

wglambert commented 3 years ago

Try re-pulling the image; it was updated 5 days ago and has the latest packages. That CVE is fixed in Buster with version 1.1.1d-0+deb10u5, which the image is at.

$ docker run -it --rm openjdk:11.0.11-9-jre-slim bash
Unable to find image 'openjdk:11.0.11-9-jre-slim' locally
11.0.11-9-jre-slim: Pulling from library/openjdk
69692152171a: Pull complete 
ce2b89b60818: Pull complete 
6584437267ff: Pull complete 
b6500b56ee97: Pull complete 
Digest: sha256:2dc2fe284c751c4578225c14afcadeba0be10e7fa627920272089afb83f2f6de
Status: Downloaded newer image for openjdk:11.0.11-9-jre-slim
root@5ce90035f49a:/# apt list | grep openssl

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

openssl/now 1.1.1d-0+deb10u6 amd64 [installed,local]

root@5ce90035f49a:/# apt update && apt list --upgradable
Get:1 http://deb.debian.org/debian buster InRelease [121 kB]
Get:2 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://security.debian.org/debian-security buster/updates/main amd64 Packages [289 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [10.9 kB]
Fetched 8445 kB in 2s (3838 kB/s)                           
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
Listing... Done

zakaria-a-ahmed commented 3 years ago

Thanks
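The check made by hand in the reply above (installed openssl package version against the fixed version for the CVE) can be automated for image scans. The following is an added example, not part of the original thread or the docker-library project: a small Python implementation of Debian version ordering applied to the `apt list` line and fixed version quoted in the thread; the function names are assumptions, and inside a container `dpkg --compare-versions` performs the same comparison.

```python
import re

def _order(c):
    # Non-digit run weights: '~' first, then end of run, letters, other symbols.
    if c == "~":
        return -1
    if c == "" or "0" <= c <= "9":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _nondigit(s, k):
    return k < len(s) and not "0" <= s[k] <= "9"

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating non-digit/digit runs.
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):  # numeric, so u10 > u9
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Return <0, 0 or >0 following Debian version ordering."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

# From the thread: the apt list line and the fixed version named in the reply.
APT_LINE = "openssl/now 1.1.1d-0+deb10u6 amd64 [installed,local]"
FIXED = "1.1.1d-0+deb10u5"

def is_fixed(apt_line=APT_LINE, fixed=FIXED):
    installed = apt_line.split()[1]  # second field of an `apt list` line
    return deb_cmp(installed, fixed) >= 0

if __name__ == "__main__":
    print("fixed" if is_fixed() else "needs upgrade")
```

A plain string comparison would rank `deb10u10` below `deb10u9`; the numeric handling of digit runs is what makes the result reliable for gating a build on a minimum package version.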