Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vulnaribilities detected by aqua #385

Closed
abhiramani-iptiq opened this issue Jan 13, 2020 · 2 comments
Closed

vulnaribilities detected by aqua #385

abhiramani-iptiq opened this issue Jan 13, 2020 · 2 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@abhiramani-iptiq
Copy link

Hi
i have this on line in my dockerfile: FROM openjdk:8-alpine
and my aqua scanner detects these vulnerabilities
what changes i can make in my dockerfile to get latest or specific version to resolve at least few if not all vulnerabilities?

Name Resource Severity Score Fix Version
CVE-2019-14697 musl high 7.5 1.1.20-r5
CVE-2018-1000654 libtasn1 high 7.1 4.14-r0
CVE-2019-12900 libbz2 high 7.5 1.0.6-r7
CVE-2019-17371 libpng medium 4.3 None
CVE-2019-15133 giflib medium 4.3 None
CVE-2018-14498 libjpeg-turbo medium 4.3 1.5.3-r5
CVE-2019-2745 openjdk8 low 1.9 8.222.10-r0
CVE-2019-2762 openjdk8 medium 5 8.222.10-r0
CVE-2019-2766 openjdk8 low 2.6 8.222.10-r0
CVE-2019-2769 openjdk8 medium 5 8.222.10-r0
CVE-2019-2786 openjdk8 low 2.6 8.222.10-r0
CVE-2019-2816 openjdk8 medium 5.8 8.222.10-r0
CVE-2019-2842 openjdk8 medium 4.3 8.222.10-r0
CVE-2019-7317 openjdk8 low 2.6 8.222.10-r0
@wglambert wglambert added the question Usability question, not directly related to an error with the image label Jan 13, 2020
@wglambert
Copy link

See https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-so-many-cves
And docker-library/postgres#286 (comment) #161, #112, docker-library/postgres#286, docker-library/drupal#84, docker-library/official-images#2740, docker-library/ruby#117, docker-library/ruby#94, docker-library/python#152, docker-library/php#242, docker-library/buildpack-deps#46, #185.

A CVE doesn't imply having an actual vulnerability, and often is even a false positive (given how most distributions handle versioning/security updates in stable releases). If there are actionable items we can resolve, we're happy to do so (and do so actively). We update all Debian based images to include any updates in apt packages at least monthly (we regenerate the base images and then rebuild all dependent images).

@wglambert
Copy link

wglambert commented Jan 13, 2020
edited
Loading

In your case that image variant was deprecated a year ago as the upstream OpenJDK project no longer supports Alpine #272

So the only Alpine variant upstream (and consequently we) support is openjdk:14-alpine

We have a support matrix of the OpenJDK variants that we maintain #272

@yosifkit yosifkit mentioned this issue Feb 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wglambert @abhiramani-iptiq