openebs / linux-utils

OpenEBS Alpine-based Docker images with Linux utilities used for launching helper jobs.
https://docs.openebs.io
Apache License 2.0

Vulnerabilities detected by trivy #27

Closed stoneshi-yunify closed 5 months ago

stoneshi-yunify commented 2 years ago
root@stonetest:~# trivy image openebs/linux-utils:latest
2022-07-06T13:42:52.215+0800    INFO    Vulnerability scanning is enabled
2022-07-06T13:42:52.215+0800    INFO    Secret scanning is enabled
2022-07-06T13:42:52.215+0800    INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-07-06T13:42:52.215+0800    INFO    Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection
2022-07-06T13:42:55.997+0800    INFO    Detected OS: alpine
2022-07-06T13:42:55.997+0800    INFO    Detecting Alpine vulnerabilities...
2022-07-06T13:42:55.998+0800    INFO    Number of language-specific files: 0

openebs/linux-utils:latest (alpine 3.14.6)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                         Title                          │
├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ libcrypto1.1 │ CVE-2022-2097 │ MEDIUM   │ 1.1.1n-r0         │ 1.1.1q-r0     │ AES OCB mode for 32-bit x86 platforms using the AES-NI │
│              │               │          │                   │               │ assembly optimised...                                  │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-2097              │
├──────────────┤               │          │                   │               │                                                        │
│ libssl1.1    │               │          │                   │               │                                                        │
│              │               │          │                   │               │                                                        │
│              │               │          │                   │               │                                                        │
└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘
root@stonetest:~#
root@stonetest:~#
root@stonetest:~# trivy version
Version: 0.29.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2022-07-06 00:12:25.854188929 +0000 UTC
  NextUpdate: 2022-07-06 06:12:25.854188429 +0000 UTC
  DownloadedAt: 2022-07-06 05:34:58.185443 +0000 UTC

niladrih commented 5 months ago

Thanks. Noted. I'll be upgrading the base image's version soon. Similar to https://github.com/openebs/dynamic-localpv-provisioner/issues/140