This repository has been archived by the owner on Feb 9, 2024. It is now read-only.

Future of this image #416

Closed
sveba opened this issue Apr 21, 2022 · 6 comments

sveba commented Apr 21, 2022

@rarkins
Can you please explain what the plan is for the full image?
In our organization we cannot use the slim image with the Docker socket because our build infrastructure is air-gapped (we cannot just pull everything from the internet).
For this purpose the full image is really useful. The problem is that it is not being updated with the new versions of the tools (maven, gradle, php etc.).
Here is a list of the CVEs that the current tool versions have (it is long):

Contributor

rarkins commented Apr 21, 2022

> @rarkins Can you please explain what the plan is for the full image?

It will be built automatically as today.

> In our organization we cannot use the slim image with the Docker socket because our build infrastructure is air-gapped (we cannot just pull everything from the internet)

How do you build your own images of other things?

> The problem is that it is not being updated with the new versions of the tools (maven, gradle, php etc.) Here is a list of the CVEs that the current tool versions have (it is long)

How many of these CVEs are because of the tool versions? To my knowledge we're not using any EOL versions, and there aren't that many outdated here: #5

Author

sveba commented Apr 21, 2022

Thank you for the clarification.

The build of other images is really complicated. Every image we use has to be scanned, and if there are CVEs we have to explain if they are important for our use case and so on. The same procedure applies to binaries like golang. So it is really no fun.

But anyway, it looks like most of the CVEs are because of maven (version 3.0.5 is installed and the current version is 3.8.5) and gradle (old major version).

Maybe you can update those :)

Member

viceice commented Apr 21, 2022

I don't see maven installed at all.

Member

viceice commented Apr 21, 2022

@rarkins I think it's safe to update Gradle, as most users are using the local wrapper anyway.

Contributor

rarkins commented Apr 21, 2022

We don't explicitly install maven.

Member

viceice commented Feb 9, 2024

The image will stay for some more time and the build is moved to the main repo.

viceice closed this as completed Feb 9, 2024