
Vulnerabilities found #342

Open
agarzon opened this issue Nov 16, 2022 · 3 comments
Labels
enhancement Work on new feature (or any question related to new feature)

Comments

@agarzon

agarzon commented Nov 16, 2022

Hi,

I've never used this image before, I just discovered today.

But I'm here just to report that some critical vulnerabilities have been found in the image, according to the official Docker scanner.

[image: screenshot of the Docker scanner results]

Particularly https://dso.docker.com/cve/CVE-2022-23806 is the highest one, which comes with the package stdlib 1.14.2,
and the kernel ubuntu/linux 5.4.0-131.147 with https://dso.docker.com/cve/CVE-2022-3649

The image explored was thecodingmachine/php:8.1-v4-apache but this might also affect all the images.

@mistraloz mistraloz added the enhancement Work on new feature (or any question related to new feature) label Nov 21, 2022
@mistraloz
Collaborator

Thx for your report @agarzon. It seems related to the base image (ubuntu:20.04 is outdated). An upgrade to 22.04 can help reduce vulnerabilities (at least the major ones). I will take a look (note I'm busy currently; if anyone can, it may be helpful). We just need to change the base image (and see if the tests pass or not...).

We may manage that better for the next major release of these images (it will be based on the PHP version, so it will be easier to manage each vulnerability).

@agarzon
Author

agarzon commented Nov 22, 2022

> Thx for your report @agarzon. It seems related to the base image (ubuntu:20.04 is outdated). An upgrade to 22.04 can help reduce vulnerabilities (at least the major ones). I will take a look (note I'm busy currently; if anyone can, it may be helpful). We just need to change the base image (and see if the tests pass or not...).
>
> We may manage that better for the next major release of these images (it will be based on the PHP version, so it will be easier to manage each vulnerability).

I was making the modifications to 22.04, but the README mentions a script called build-and-test.sh that doesn't exist 😒

@mistraloz
Collaborator

Instead you can run make test-8.1 (or push a new PR; CI will build and test for us).
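Both replies above describe the same procedure (swap the base image to 22.04, then run the tests). As an added example that is not part of this thread or of the project's code, here is a POSIX shell script that rewrites the base tag on every FROM line of a Dockerfile, counts any digest-pinned stages a tag rewrite cannot update, and names the test target mentioned above; the Dockerfile content is constructed.

```shell
#!/bin/sh
# Added example, not code from the thecodingmachine PHP images project: rewrite the
# base image tag on every FROM line of a Dockerfile (multi-stage builds have several),
# report FROM lines pinned by digest (a tag rewrite cannot update those), and print
# the test command to run afterwards. The sample Dockerfile below is constructed.

OLD_IMAGE="ubuntu:20.04"
NEW_IMAGE="ubuntu:22.04"

# Constructed sample: two stages on the outdated base plus one digest-pinned stage.
SAMPLE_DOCKERFILE='FROM ubuntu:20.04 AS builder
RUN apt-get update && apt-get install -y build-essential
FROM ubuntu:20.04
COPY --from=builder /opt/app /opt/app
FROM ubuntu@sha256:PLACEHOLDER_DIGEST AS pinned'

# Read a Dockerfile on stdin, write it to stdout with OLD_IMAGE replaced by NEW_IMAGE
# on FROM lines only (a RUN line that merely mentions the old tag is left alone).
bump_base_image() {
    sed -E "s#^([Ff][Rr][Oo][Mm][[:space:]]+)${OLD_IMAGE}([[:space:]]|\$)#\1${NEW_IMAGE}\2#"
}

# Count FROM lines on stdin that reference the given image. grep -c prints 0 when
# nothing matches but exits 1, so that status is swallowed.
count_from() {
    grep -E -i -c "^from[[:space:]]+$1([[:space:]]|\$)" || true
}

# Count FROM lines pinned by digest; those need a new digest, not a new tag.
count_digest_pinned() {
    grep -E -i -c "^from[[:space:]]+[^[:space:]]+@sha256:" || true
}

# Run the whole procedure on the sample and return a one-line summary.
bump_sample() {
    bumped=$(printf '%s\n' "$SAMPLE_DOCKERFILE" | bump_base_image)
    new=$(printf '%s\n' "$bumped" | count_from "$NEW_IMAGE")
    old=$(printf '%s\n' "$bumped" | count_from "$OLD_IMAGE")
    pinned=$(printf '%s\n' "$bumped" | count_digest_pinned)
    printf 'rewritten=%s remaining=%s digest_pinned=%s\n' "$new" "$old" "$pinned"
}

bump_sample
echo "Next: rebuild and run the image tests, e.g. make test-8.1"
```

Applied to a real Dockerfile, pipe the file through bump_base_image and inspect the digest-pinned count before rebuilding.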
