Closed mancuss closed 2 years ago
There are currently no package updates available in openjdk:17-oracle
, so if the fix is published to Oracle Linux package repos then it is already installed. Otherwise, we have to wait until package updates are available.
$ docker run -it --rm openjdk:17-oracle bash
Unable to find image 'openjdk:17-oracle' locally
17-oracle: Pulling from library/openjdk
28587b6e6475: Pull complete
b1655352c888: Pull complete
1f9646f00e96: Pull complete
Digest: sha256:a44066675b079785134b97a9a7dc152fa505308450e8154eea2b0de93a7d8881
Status: Downloaded newer image for openjdk:17-oracle
bash-4.4# microdnf update
Downloading metadata...
Downloading metadata...
Nothing to do.
Hello,
We are trying to use
openjdk:17-oracle
as a base for our containers. We use AWS ECR as a docker registry and we scan all new images.We are getting ELSA-2021-9344 (https://linux.oracle.com/errata/ELSA-2021-9344.html) reported as a critical vulnerability and there doesn't seem to be a fix?
We've tried a number of different OpenJDK containers and they all have at least this vulnerability according to AWS ECR.