jadecarino
commented
7 months ago Alpine Docker image which is based on Alpine Linux used in these locations:
- [ ] Galasa CLI Dockerfile
- [ ] ArgoCD CLI Dockerfile
- [ ] GH Status Dockerfile
- [ ] GH Verify Dockerfile
- [ ] GH Monitor Dockerfile
- [ ] GH Receiver Dockerfile
- [ ] Kubectl Dockerfile
- [ ] Tekton CLI Dockerfile
- [ ] galasabld Dockerfile
Ubuntu image:
- [ ] GPG Dockerfile
- [ ] Unzip Dockerfile
- [ ] Helm chart runs on
ubuntu-latest
Others:
- [ ] Web UI (Node image)
- [ ] Helm Task (Helm image)
- [ ] Node Task (Node image)
Tracking record: https://ibm.service-now.com/now/nav/ui/classic/params/target/sn_vul_product_records.do[…]391d6cba101e%26sysparm_view%3D%26sysparm_view_forced%3Dtrue
Detail about the vulnerability: https://ibm.service-now.com/sn_vul_ibm_advisory.do?sys_id=f0096d449380ca943d7e391d6cba[…]rm_domain_scope=null&sysparm_view=&sysparm_view_forced=true
This one affects Linux (and possibly other platforms), so as a minimum, when a fix linux release is available we'll have to move up to the latest version for all our base images.
Does it specify what versions of Linux are affected? "It says they proved the vulnerability on Linux 5.15.83 (older or more recent versions are also affected)." So pretty inconclusive
Jade: I believe we respond to the email saying that we might be affected as we use some Docker images that are based on Linux. Potentially mention which repos/create a story to send them for upgrading those images when a fix is available. But I think that's probably all we can do for now?