docker-library / postgres

Docker Official Image packaging for Postgres
http://www.postgresql.org
MIT License

Security issues in latest postgres image #1266

Closed vr2388 closed 3 months ago

vr2388 commented 3 months ago

When we scanned the postgres latest image, we found critical and HIGH security issues in it. Attaching the latest image security issue report.

postgres:latest (debian 12.6)
=============================
Total: 145 (UNKNOWN: 0, LOW: 101, MEDIUM: 32, HIGH: 11, CRITICAL: 1)

And we found more critical issues in the gosu library

usr/local/bin/gosu (gobinary)
=============================
Total: 52 (UNKNOWN: 0, LOW: 1, MEDIUM: 18, HIGH: 30, CRITICAL: 3)

We also found the same report in Docker Hub as well

LaurentGoderre commented 3 months ago

See here on why it's a false positive for gosu: https://github.com/docker-library/faq?tab=readme-ov-file#why-does-my-security-scanner-show-that-an-image-has-cves

tianon commented 3 months ago

See also https://github.com/tianon/gosu/blob/master/SECURITY.md
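An added triage helper, not part of the issue or of the docker-library project, that parses the scanner summary blocks quoted above (assumed to be Trivy table output) and separates findings attached to OS packages from those attached to a Go binary such as gosu; the sample report is constructed from the counts in the issue.

```python
import re
from dataclasses import dataclass, field
# Constructed sample, shaped like the scanner summary quoted in the issue.
SAMPLE_REPORT = """\
postgres:latest (debian 12.6)
=============================
Total: 145 (UNKNOWN: 0, LOW: 101, MEDIUM: 32, HIGH: 11, CRITICAL: 1)

usr/local/bin/gosu (gobinary)
=============================
Total: 52 (UNKNOWN: 0, LOW: 1, MEDIUM: 18, HIGH: 30, CRITICAL: 3)
"""
TARGET_RE = re.compile(r"^(?P<name>\S.*?) \((?P<kind>[^()]+)\)$")
TOTAL_RE = re.compile(r"^Total: (?P<total>\d+) \((?P<counts>[^()]*)\)$")
COUNT_RE = re.compile(r"(?P<sev>[A-Z]+): (?P<n>\d+)")

@dataclass
class Target:
    name: str
    kind: str  # "debian 12.6" = OS package target, "gobinary" = Go binary target
    counts: dict = field(default_factory=dict)

    def actionable(self) -> int:  # HIGH + CRITICAL, the findings that usually gate a deployment
        return self.counts.get("HIGH", 0) + self.counts.get("CRITICAL", 0)
def parse_summary(text: str) -> list:
    """Parse each 'target (kind)' / '=====' / 'Total: ...' block into a Target."""
    targets, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or the ===== underline
        if m := TOTAL_RE.match(line):  # test Total first: it would also match TARGET_RE
            if current is None:
                raise ValueError(f"Total line without a preceding target: {line!r}")
            current.counts = {c["sev"]: int(c["n"]) for c in COUNT_RE.finditer(m["counts"])}
            if sum(current.counts.values()) != int(m["total"]):
                raise ValueError(f"severity counts do not add up for {current.name}")
            targets.append(current)
            current = None
        elif m := TARGET_RE.match(line):
            current = Target(m["name"], m["kind"])
    return targets

def triage(targets: list) -> dict:
    """Split findings by origin: a gobinary target's CVEs are attributed to the Go
    modules/stdlib compiled into that binary, not to Debian packages, so they are
    reviewed against the binary's own build rather than the image's OS layer."""
    return {t.name: {"kind": "gobinary" if t.kind == "gobinary" else "os-packages",
                     "actionable": t.actionable()} for t in targets}
```

Running `triage(parse_summary(SAMPLE_REPORT))` on the constructed sample reports 12 HIGH+CRITICAL findings for the OS-package target and 33 for the gosu binary, so the two can be reviewed on separate tracks.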