search

docker-library / php

Docker Official Image packaging for PHP
https://php.net
MIT License
3.81k stars 2k forks source link

How fixe an Vulnerability php docker image CVE-2019-19814 #1345

Closed ljbili closed 1 year ago

ljbili commented 1 year ago

Hello,

actually im using docker image "php:8.1.12-fpm-bullseye" for our application, and before deploy application on our infrastructure we scan the image base on our repository (with AWS ECR), and we have a critical vulnerability on the image and we can't deploy it in the production.

there is the url link about Vulnerability issue : https://security-tracker.debian.org/tracker/CVE-2019-19814

Now we need a help please about how can fixe this critical vulnerability please?

regards

tianon commented 1 year ago

From the link you provided:

[bullseye] - linux <no-dsa> (Minor issue)
[buster] - linux <no-dsa> (Minor issue)

This isn't fixed in Debian, which is why it isn't fixed in the images. On top of that, it's a vulnerability in the kernel, so it can't possibly affect the image.

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

ljbili commented 1 year ago

ok, thank you for your reply