Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade libcrypto1.1 and libssl1.1 for vulnerability issue #179

Closed
lqqlin opened this issue Mar 25, 2022 · 5 comments
Closed

upgrade libcrypto1.1 and libssl1.1 for vulnerability issue #179

lqqlin opened this issue Mar 25, 2022 · 5 comments

Comments

@lqqlin
Copy link

lqqlin commented Mar 25, 2022

Hello,

I am using below version of clamav image,
mkodockx/docker-clamav:alpine

I get the below security suggestion when I scan image code. Do you have any plan to upgrade libcrypto1.1 and libssl1.1 ?Thanks.
image
@lqqlin
Copy link
Author

lqqlin commented Apr 1, 2022

Hello,
Do you have any updates?
I scan the Cisco-Talos clamav image(docker pull clamav/clamav), which doesn't have this security issue. Maybe we can use the same version package.

https://github.com/Cisco-Talos/clamav/blob/a45bf34802768ccf7dfd412105ae197274dfe0d5/.github/workflows/cmake.yml
-DOPENSSL_CRYPTO_LIBRARY=/usr/local/opt/openssl@1.1/lib/libcrypto.1.1.dylib
-DOPENSSL_SSL_LIBRARY=/usr/local/opt/openssl@1.1/lib/libssl.1.1.dylib

Looking forward to your reply, thank you.

@lqqlin
Copy link
Author

lqqlin commented Apr 6, 2022

Hello,
Do you have any updates?
Looking forward to your reply, thank you.

1 similar comment
@lqqlin
Copy link
Author

lqqlin commented Apr 19, 2022

Hello,
Do you have any updates?
Looking forward to your reply, thank you.

@lqqlin
Copy link
Author

lqqlin commented Apr 26, 2022

Hello,
Here is the details about the vulnerability issue. This is high severity
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0778
Could you please provide an update?
Thanks.

@lqqlin lqqlin changed the title upgrade libcrypto1.1 and libssl1.1 for security suggestion upgrade libcrypto1.1 and libssl1.1 for vulnerability issue Apr 26, 2022
@lqqlin
Copy link
Author

lqqlin commented Apr 27, 2022

This ticket is closed, since the latest alpine image fix this vulnerability .

@lqqlin lqqlin closed this as completed Apr 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lqqlin