Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade OpenSSL in Alpine image #391

Merged
merged 1 commit into from
Nov 29, 2023
Merged

Upgrade OpenSSL in Alpine image #391

merged 1 commit into from
Nov 29, 2023

Conversation

merlimat
Copy link
Collaborator

Fixed security issue in base image

┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                          │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-5363 │ HIGH     │ fixed  │ 3.1.3-r0          │ 3.1.4-r0      │ openssl: Incorrect cipher key and IV length processing │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-5363              │
│            ├───────────────┼──────────┤        │                   ├───────────────┼────────────────────────────────────────────────────────┤
│            │ CVE-2023-5678 │ MEDIUM   │        │                   │ 3.1.4-r1      │ openssl: Generating excessively long X9.42 DH keys or  │
│            │               │          │        │                   │               │ checking excessively long X9.42...                     │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-5678              │
├────────────┼───────────────┼──────────┤        │                   ├───────────────┼────────────────────────────────────────────────────────┤
│ libssl3    │ CVE-2023-5363 │ HIGH     │        │                   │ 3.1.4-r0      │ openssl: Incorrect cipher key and IV length processing │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-5363              │
│            ├───────────────┼──────────┤        │                   ├───────────────┼────────────────────────────────────────────────────────┤
│            │ CVE-2023-5678 │ MEDIUM   │        │                   │ 3.1.4-r1      │ openssl: Generating excessively long X9.42 DH keys or  │
│            │               │          │        │                   │               │ checking excessively long X9.42...                     │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-5678              │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘

@merlimat merlimat self-assigned this Nov 29, 2023
@merlimat merlimat merged commit 99f16c7 into streamnative:main Nov 29, 2023
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattisonchao mattisonchao Awaiting requested review from mattisonchao mattisonchao is a code owner

@coderzc coderzc Awaiting requested review from coderzc coderzc is a code owner

@RobertIndie RobertIndie Awaiting requested review from RobertIndie RobertIndie is a code owner

Assignees

@merlimat merlimat

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@merlimat