Bump Epoch to fix CVEs (#239)
This should take care of the following CVEs:

```
+----------+------------------+----------+-------------------+------------------+--------------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |                TITLE                 |
+----------+------------------+----------+-------------------+------------------+--------------------------------------+
| curl     | CVE-2020-8169    | HIGH     | 7.64.0-4+deb10u1  | 7.64.0-4+deb10u2 | libcurl: partial password            |
|          |                  |          |                   |                  | leak over DNS on HTTP redirect       |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8169 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8177    |          |                   |                  | curl: Incorrect argument             |
|          |                  |          |                   |                  | check can allow remote servers       |
|          |                  |          |                   |                  | to overwrite local files...          |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8177 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8231    |          |                   |                  | curl: Expired pointer                |
|          |                  |          |                   |                  | dereference via multi API with       |
|          |                  |          |                   |                  | `CURLOPT_CONNECT_ONLY` option set    |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8231 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8285    |          |                   |                  | curl: malicious FTP server can       |
|          |                  |          |                   |                  | trigger stack overflow when          |
|          |                  |          |                   |                  | CURLOPT_CHUNK_BGN_FUNCTION           |
|          |                  |          |                   |                  | is used...                           |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8285 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8286    |          |                   |                  | curl: inferior OCSP verification     |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8286 |
+----------+------------------+          +                   +                  +--------------------------------------+
| libcurl4 | CVE-2020-8169    |          |                   |                  | libcurl: partial password            |
|          |                  |          |                   |                  | leak over DNS on HTTP redirect       |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8169 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8177    |          |                   |                  | curl: Incorrect argument             |
|          |                  |          |                   |                  | check can allow remote servers       |
|          |                  |          |                   |                  | to overwrite local files...          |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8177 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8231    |          |                   |                  | curl: Expired pointer                |
|          |                  |          |                   |                  | dereference via multi API with       |
|          |                  |          |                   |                  | `CURLOPT_CONNECT_ONLY` option set    |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8231 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8285    |          |                   |                  | curl: malicious FTP server can       |
|          |                  |          |                   |                  | trigger stack overflow when          |
|          |                  |          |                   |                  | CURLOPT_CHUNK_BGN_FUNCTION           |
|          |                  |          |                   |                  | is used...                           |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8285 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2020-8286    |          |                   |                  | curl: inferior OCSP verification     |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2020-8286 |
+----------+------------------+----------+-------------------+------------------+--------------------------------------+
```
kaxil committed Apr 1, 2021
1 parent 823a5b2 commit 6522368
Showing 8 changed files with 8 additions and 8 deletions.
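--- a/1.10.10/buster/Dockerfile
+++ b/1.10.10/buster/Dockerfile
@@ -129,7 +129,7 @@ RUN pip install "${AIRFLOW_MODULE}" \
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \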
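Review bot: Nothing visible in this hunk confirms that curl and libcurl4 actually reach 7.64.0-4+deb10u2 after the rebuild: the new `ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"` only invalidates the cache for the `apt-get upgrade` layer, so the outcome depends on what the apt sources serve when CI runs. A guard in the same RUN such as `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' libcurl4)" ge 7.64.0-4+deb10u2`, or re-running the scanner that produced the table in the commit message against the rebuilt images, would turn "should take care of" into a verified result. It would also help to record the reason beside the number, e.g. `# 7: curl/libcurl4 7.64.0-4+deb10u2 (CVE-2020-8169 and related)`, so the next bump is traceable. The RUN continues past the end of the hunk, so an existing check may simply not be visible here; the same point applies to the identical change in the other seven Dockerfiles.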
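--- a/1.10.12/buster/Dockerfile
+++ b/1.10.12/buster/Dockerfile
@@ -129,7 +129,7 @@ RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \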
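--- a/1.10.14/buster/Dockerfile
+++ b/1.10.14/buster/Dockerfile
@@ -129,7 +129,7 @@ RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \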
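--- a/1.10.15/buster/Dockerfile
+++ b/1.10.15/buster/Dockerfile
@@ -129,7 +129,7 @@ RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \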
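--- a/1.10.5/buster/Dockerfile
+++ b/1.10.5/buster/Dockerfile
@@ -140,7 +140,7 @@ RUN cd usr/local/lib/python${PYTHON_MAJOR_MINOR_VERSION}/site-packages/airflow/w
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \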
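--- a/1.10.7/buster/Dockerfile
+++ b/1.10.7/buster/Dockerfile
@@ -131,7 +131,7 @@ RUN pip install "${AIRFLOW_MODULE}" \
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \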
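--- a/2.0.0/buster/Dockerfile
+++ b/2.0.0/buster/Dockerfile
@@ -137,7 +137,7 @@ RUN pip install "${AIRFLOW_MODULE}" \
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \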
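--- a/2.0.2/buster/Dockerfile
+++ b/2.0.2/buster/Dockerfile
@@ -129,7 +129,7 @@ RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.
 FROM ${APT_DEPS_IMAGE} as main
 
 # By increasing this number we force CI to upgrade all system packages
-ARG PACKAGE_UPGRADE_EPOCH_NUMBER="6"
+ARG PACKAGE_UPGRADE_EPOCH_NUMBER="7"
 
 RUN apt-get update \
 && apt-get upgrade -y --no-install-recommends \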
