kiwigrid / k8s-sidecar

This is a Docker container intended to run inside a Kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License

vulnerabilities in libcrypto and libssl libraries #266

Closed marianobilli closed 1 year ago

marianobilli commented 1 year ago

Upon running a Trivy vulnerability scan with:

docker run --rm -v trivy-cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image kiwigrid/k8s-sidecar

Both libraries should be bumped to, at least, version 1.1.1t-r2.

[Screenshot 2023-03-31 at 10:32:57]

Thanks

jekkel commented 1 year ago

Thanks for the report, can you please check whether our upstream base image is affected as well?

bt909 commented 1 year ago

This issue is solved with the actual image, I think, but there are new findings. See: https://github.com/kiwigrid/k8s-sidecar/issues/299

But I think this issue can be closed.

ChristianGeie commented 1 year ago

Yeah, let me close this issue and we'll continue it in #299.