Closed marcchanwork closed 2 years ago
Hello,
We have the same problem on the image openjdk:17.0.2-jdk-slim, since the problem is linked to openssl.
You can find a scan of the vulnerability here
I suppose this depends on the base image used.
Thank you in advance.
From the Debian security tracker page (https://security-tracker.debian.org/tracker/CVE-2022-1292), you can see that there is no package update available on bullseye. So there is nothing that can be done.
It's centered specifically around the c_rehash script which is considered obsolete and superseded by the CLI tool https://www.openssl.org/docs/manmaster/man1/c_rehash.html
Similar to https://github.com/docker-library/python/issues/728#issuecomment-1125195703
See also #495 -- openjdk:17* will not be updated any further (see that issue/PR for details).
Alright, thanks for the info!
Hello openjdk team, my local scan found a critical vulnerability for openssl: CVE-2022-1292. For more details:
https://security-tracker.debian.org/tracker/CVE-2022-1292 (severity is high here)
https://github.com/advisories/GHSA-qjmp-vmxc-7p8r
I would like to ask if there are any comparable base images I can use for Java 11 and Java 8. Thank you very much.