Fix 4.8.0-beta5 AL2023 vulnerabilities #1293

Closed
3 tasks done
teddytpc1 opened this issue Apr 9, 2024 · 0 comments · Fixed by #1294
teddytpc1 commented Apr 9, 2024

Description

Some vulnerabilities related to the AL 2023 base image used for the 4.8.0-beta5 Docker images were found.
Here is the list:

| Vulnerability | Package |
|---------------|---------|
| ALAS-2024-573 | python3-rpm |
| ALAS-2024-581 | libcurl-minimal |
| ALAS-2024-576 | expat |

We need to fix those vulnerabilities.

Solution

After a vulnerability scan of the latest AL 2023 Docker image, it was found that the image is clean:

 grype amazonlinux:2023 -o table
 ✔ Vulnerability DB                [updated]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                                                                                                                                  amazonlinux:2023
 ✔ Parsed image                                                                                                                           sha256:8395af9ef0b53df535732e1e12e1f2e99b6fb57f6b781431e6410f930b4bfd70
 ✔ Cataloged contents                                                                                                                            abc9bdf55348cb0fc3369546025cb70f452c501fbedf5af4f48e484323d91822
   ├── ✔ Packages                        [108 packages]  
   ├── ✔ File digests                    [5,060 files]  
   ├── ✔ File metadata                   [5,060 locations]  
   └── ✔ Executables                     [272 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found
A newer version of grype is available for download: 0.75.0 (installed version is 0.74.6)

Tasks

  • Change the Docker base image from amazonlinux:2023.3.20240304.0 to amazonlinux:2023.
  • Validate the images build without issues.
  • Validate the environment deploys without issues.
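
As an added example (not part of the original issue or the project's code): a small gate over grype's JSON report that flags matches for which a fixed package version already exists, the situation the pinned base image was in. The report is constructed; only the advisory IDs and package names of the first three matches come from the issue, and `fixable_by_package` and `gate` are hypothetical names.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `grype <image> -o json` output. Advisory IDs and
# package names for the first three matches come from the issue; every version,
# severity and fix state, and the whole fourth match, are made up for illustration.
SAMPLE_REPORT = json.loads("""
{"matches": [
  {"vulnerability": {"id": "ALAS-2024-573", "severity": "Medium",
                     "fix": {"versions": ["0.0.2"], "state": "fixed"}},
   "artifact": {"name": "python3-rpm", "version": "0.0.1"}},
  {"vulnerability": {"id": "ALAS-2024-581", "severity": "Medium",
                     "fix": {"versions": ["0.0.2"], "state": "fixed"}},
   "artifact": {"name": "libcurl-minimal", "version": "0.0.1"}},
  {"vulnerability": {"id": "ALAS-2024-576", "severity": "High",
                     "fix": {"versions": ["0.0.2"], "state": "fixed"}},
   "artifact": {"name": "expat", "version": "0.0.1"}},
  {"vulnerability": {"id": "EXAMPLE-0000-0000", "severity": "Low",
                     "fix": {"versions": [], "state": "not-fixed"}},
   "artifact": {"name": "example-pkg", "version": "0.0.1"}}
]}
""")


def fixable_by_package(report):
    """Map package name -> sorted advisory IDs for matches that already have a fix."""
    grouped = defaultdict(set)
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        if (vuln.get("fix") or {}).get("state") == "fixed":
            grouped[match["artifact"]["name"]].add(vuln["id"])
    return {pkg: sorted(ids) for pkg, ids in sorted(grouped.items())}


def gate(report):
    """Return (ok, findings); ok is False when any match already has a fixed version."""
    findings = [f"{pkg}: {', '.join(ids)}"
                for pkg, ids in fixable_by_package(report).items()]
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = gate(SAMPLE_REPORT)
    for line in findings:
        print("fix available ->", line)
    print("gate:", "pass" if ok else "fail")
```

The `not-fixed` match is deliberately left out of the gate, since no package update would clear it.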