Closed mfds closed 6 months ago
NOTE:
According to https://security-tracker.debian.org/tracker/CVE-2023-45853, it seems that the bullseye base image is vulnerable.
zlib: CVE-2023-45853 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054290
But, having checked the bugs.d.o report, it seems that this is not affected because the affected code (MiniZip) is not built in.
Surely, it is fixed in bullseye-security.
https://security-tracker.debian.org/tracker/CVE-2023-4911 https://tracker.debian.org/news/1468062/accepted-glibc-231-13deb11u7-source-into-oldstable-security/
Many thanks for rebuilding the images
fluent/fluentd-kubernetes-daemonset:v1.16.3-debian-opensearch-1.0 is vulnerable as well. Looks like this is the same fix. Let me know if I need to open another issue. It looks like Debian 11 is used here, but most of the CVEs were fixed in Debian 12.
Also, fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch is vulnerable, @kenhys. Besides
There are a few more CVEs:
The latest version is based on the fluent/fluentd:v1.16.3-debian-amd64-1.0 image,
Conclusion: please use the newer v1.16.3-debian-xxx-amd64-1.x image instead.
NOTE: basically, older versions of the image fluent/fluentd-kubernetes-daemonset:v1.16.2-xxx will not be updated anymore.
@kenhys what about this?
I opened a new one https://github.com/fluent/fluentd-kubernetes-daemonset/issues/1470. @kenhys
Hello, Snyk is picking up a few CRITICAL/HIGH issues with this image
Would it be possible to build new images with updated packages? That alone might fix these issues.
Also, as mentioned by https://github.com/fluent/fluentd-kubernetes-daemonset/issues/1435, would you consider using a smaller base image?
Thanks, Michele Fiordispina