From 79bb1d8f6470b7f7d39c2fb8a5a38a24732b95c0 Mon Sep 17 00:00:00 2001 From: Miroslav Ivanov Date: Wed, 18 Jan 2023 15:40:57 +0200 Subject: [PATCH] job-builder: address docker image vulnerabilities Why? Fix docker image vulnerabilities uncovered by `docker scan job-builder-secure` ``` +------------------+----------+--------+----------+---------------+---------+---------+ | VULN ID | PACKAGE | TYPE | SEVERITY | FIX AVAILABLE | CVSS V2 | CVSS V3 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-42915 | libcurl | apk | CRITICAL | 7.83.1-r4 | 0.0 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2021-3177 | python3 | apk | CRITICAL | 3.8.7-r2 | 7.5 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2021-29921 | python3 | apk | CRITICAL | 3.9.5-r0 | 7.5 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-32221 | libcurl | apk | CRITICAL | 7.83.1-r4 | 0.0 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-43680 | expat | apk | HIGH | 2.5.0-r0 | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-39260 | git | apk | HIGH | 2.36.3-r0 | 0.0 | 8.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2019-20907 | python3 | apk | HIGH | 3.8.5-r0 | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-42916 | libcurl | apk | HIGH | 7.83.1-r4 | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-30947 | git | apk | HIGH | | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-36882 | git | apk | HIGH | | 0.0 | 8.8 | +------------------+----------+--------+----------+---------------+---------+--------- | CVE-2022-31012 | git | apk | HIGH | | 4.4 | 7.3 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-36883 | git | apk | HIGH | | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2018-20225 | pip | python | HIGH | | 6.8 | 7.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-30948 | git | apk | HIGH | | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-23602 | docutils | python | HIGH | | 5.5 | 8.1 | +------------------+----------+--------+----------+---------------+---------+---------+ ``` What? Updated alpine, python, and git versions. What type of change are you making? Bug fix Signed-off-by: Miroslav Ivanov miroslavi@vmware.com --- projects/control-service/projects/job-builder-secure/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/control-service/projects/job-builder-secure/Dockerfile b/projects/control-service/projects/job-builder-secure/Dockerfile index d95667b5b7..b8395fb6fb 100644 --- a/projects/control-service/projects/job-builder-secure/Dockerfile +++ b/projects/control-service/projects/job-builder-secure/Dockerfile @@ -24,7 +24,7 @@ RUN apk add --no-cache --update \ git \ bash -RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.10/main python3=3.7.10-r0 py3-pip \ +RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.10/main python3=3.10.9-r1 py3-pip \ && pip3 install awscli \ && apk --purge -v del py3-pip \ && rm -rf /var/cache/apk/*