chore: update debian-iptables to bullseye-v1.1.0 #291

Merged
merged 1 commit into from
Dec 2, 2021

Member

@aramase aramase commented Dec 2, 2021

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Reason for Change:

  • Updates proxy-init base image to debian-iptables:bullseye-v1.1.0
  • Adds new CVE to the dockerfile comment

CVE reference:

➜ trivy --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL k8s.gcr.io/build-image/debian-iptables:bullseye-v1.1.0
2021-12-02T18:20:55.235Z	INFO	Need to update DB
2021-12-02T18:20:55.235Z	INFO	Downloading DB...
25.06 MiB / 25.06 MiB [-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 12.00 MiB p/s 2s
2021-12-02T18:20:59.515Z	INFO	Detected OS: debian
2021-12-02T18:20:59.515Z	INFO	Detecting Debian vulnerabilities...
2021-12-02T18:20:59.524Z	INFO	Number of language-specific files: 0

k8s.gcr.io/build-image/debian-iptables:bullseye-v1.1.0 (debian 11.0)
====================================================================
Total: 6 (MEDIUM: 4, HIGH: 1, CRITICAL: 1)

+------------------+------------------+----------+-------------------+------------------+---------------------------------------+
|     LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |                 TITLE                 |
+------------------+------------------+----------+-------------------+------------------+---------------------------------------+
| libgssapi-krb5-2 | CVE-2021-37750   | MEDIUM   | 1.18.3-6          | 1.18.3-6+deb11u1 | krb5: NULL pointer dereference        |
|                  |                  |          |                   |                  | in process_tgs_req() in               |
|                  |                  |          |                   |                  | kdc/do_tgs_req.c via a FAST inner...  |
|                  |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2021-37750 |
+------------------+                  +          +                   +                  +                                       +
| libk5crypto3     |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
+------------------+                  +          +                   +                  +                                       +
| libkrb5-3        |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
+------------------+                  +          +                   +                  +                                       +
| libkrb5support0  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
|                  |                  |          |                   |                  |                                       |
+------------------+------------------+----------+-------------------+------------------+---------------------------------------+
| libssl1.1        | CVE-2021-3711    | CRITICAL | 1.1.1k-1          | 1.1.1k-1+deb11u1 | openssl: SM2 Decryption               |
|                  |                  |          |                   |                  | Buffer Overflow                       |
|                  |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2021-3711  |
+                  +------------------+----------+                   +                  +---------------------------------------+
|                  | CVE-2021-3712    | HIGH     |                   |                  | openssl: Read buffer overruns         |
|                  |                  |          |                   |                  | processing ASN.1 strings              |
|                  |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2021-3712  |
+------------------+------------------+----------+-------------------+------------------+---------------------------------------+

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable).

Issue Fixed:

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

  • yes
  • no

Notes for Reviewers:

@aramase aramase temporarily deployed to azwi-e2e December 2, 2021 18:03 Inactive
@aramase aramase marked this pull request as ready for review December 2, 2021 18:15
@aramase aramase requested a review from chewong as a code owner December 2, 2021 18:15
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
@aramase aramase temporarily deployed to azwi-e2e December 2, 2021 18:21 Inactive
@aramase aramase enabled auto-merge (squash) December 2, 2021 18:33
@aramase aramase requested a review from chewong December 2, 2021 18:42
@aramase aramase merged commit 652221d into Azure:main Dec 2, 2021
@aramase aramase deleted the debian-iptables-bullseye-v1.1.0 branch December 2, 2021 18:55