fluent / fluentd-kubernetes-daemonset

Fluentd daemonset for Kubernetes and its Docker image
Apache License 2.0

Issue #1469: High CVEs in fluent/fluentd-kubernetes-daemonset:v1.16.2-debian-forward-1.0 image #1467

Closed: AYUSHI-ERIC closed this 5 months ago

AYUSHI-ERIC commented 6 months ago

@kenhys my old git issue is marked as closed although the issue isn't resolved yet. I checked the newer fluent/fluentd-kubernetes-daemonset:v1.16.3-debian-forward-1.0 image; this image holds the same vulnerabilities and risks as the fluent/fluentd-kubernetes-daemonset:v1.16.2-debian-forward-1.0 image. Please help with the vulnerabilities.

Thank you in advance!

AYUSHI-ERIC commented 5 months ago

Can anybody help?

kenhys commented 5 months ago

Excluding the "Negligible" and "Won't fix" ones, only linux-libc-dev (header files) is detected. NOTE: uri 0.12.1 is installed but not used, because the newer 0.12.2 is installed to fix the CVE.

e.g.

docker run --rm anchore/grype:latest fluent/fluentd-kubernetes-daemonset:v1.16.3-debian-forward-1.0 | grep -v Negligible | grep -v "won't fix"

Anyway, it may be better to adopt the recent upstream base image, so I'm planning to switch to it.

https://github.com/fluent/fluentd-docker-image/pull/372

AYUSHI-ERIC commented 5 months ago

@kenhys is it possible to rebuild the image with Debian version 12?

kenhys commented 5 months ago

Yes.

https://github.com/fluent/fluentd-docker-image/pull/372 was merged into master and the base image was rebuilt on bookworm (Debian 12).

You can pull the newer image later (building the newer version now).

docker pull fluent/fluentd-kubernetes-daemonset:v1.16.3-debian-forward-amd64-2.0

kenhys commented 5 months ago

Fixed in the newer image, which was switched to bookworm.

docker run --rm anchore/grype:latest fluent/fluentd-kubernetes-daemonset:v1.16.3-debian-forward-amd64-2.1
+ grep -v Negligible
+ grep -v won't fix
NAME                INSTALLED          FIXED-IN     TYPE  VULNERABILITY        SEVERITY   
uri                 0.12.1             0.12.2       gem   GHSA-hww2-5g85-429m  Medium
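The grype filtering shown in the earlier comment and repeated above, as an added example that is not code from the fluentd project or from either commenter. It filters on the SEVERITY column (last field) rather than on any line that happens to contain the word, drops rows the distribution has marked "(won't fix)" in FIXED-IN, and adds a count and a High/Critical gate that a CI job can use. The table lines are constructed sample data modelled on grype's table format; the CVE-EXAMPLE identifiers and package versions are placeholders, not real findings. The uri row is kept deliberately: as kenhys notes, the scanner reports the installed 0.12.1 gem even when 0.12.2 is the one in use, so that row is something to triage against what the image actually loads, not something the filter should hide.

```shell
#!/bin/sh
# Added example (not the project's code): column-based filtering of grype
# table output, plus a count and a CI-style severity gate.

# Constructed sample of grype's table output; versions and CVE ids are placeholders.
sample_grype_output() {
  cat <<'EOF'
NAME            INSTALLED   FIXED-IN     TYPE  VULNERABILITY        SEVERITY
linux-libc-dev  6.1.0-0     (won't fix)  deb   CVE-EXAMPLE-0001     High
uri             0.12.1      0.12.2       gem   GHSA-hww2-5g85-429m  Medium
libfoo          1.0-1                    deb   CVE-EXAMPLE-0002     Negligible
EOF
}

# Keep the header; drop rows whose SEVERITY is Negligible and rows marked
# "(won't fix)". SEVERITY is read as the last field because FIXED-IN may be
# empty or contain a space, which would shift positional field numbers.
filter_findings() {
  awk -v wontfix="(won't fix)" '
    NR == 1              { print; next }
    $NF == "Negligible"  { next }
    index($0, wontfix)   { next }
                         { print }
  '
}

# Number of findings left after filtering, excluding the header row.
actionable_count() {
  filter_findings | awk 'NR > 1' | grep -c .
}

# Exit status 0 when no High or Critical finding survives the filter,
# non-zero otherwise; usable as a gate in an image build pipeline.
no_high_or_critical() {
  ! filter_findings | awk 'NR > 1 && ($NF == "High" || $NF == "Critical")' | grep -q .
}

# Stand-alone demo: print the filtered table for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
  sample_grype_output | filter_findings
fi
```

On a real image the same functions take the scanner's output on stdin, for example `docker run --rm anchore/grype:latest IMAGE | filter_findings`; the constructed sample stands in for that here so the script runs offline.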