Bump Gosu #10137
Comments
@coltonfreeman26 Please read this conversation #7419, and particularly this comment #7419 (comment).

Hello @recena, thank you for that info, it is very helpful.

You can close this issue, but I also just found out Gosu is not needed unless running the container as root, which we are not. Again, thank you for the help.
Hi, we are glad to announce that we got rid of

```text
$ trivy image --ignore-unfixed bitnami/postgresql:15.2.0-debian-11-r22

bitnami/postgresql:15.2.0-debian-11-r22 (debian 11.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

opt/bitnami/common/bin/gosu (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

┌────────────────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│            Library             │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                           Title                            │
├────────────────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ github.com/opencontainers/runc │ CVE-2022-29162 │ HIGH     │ v1.1.0            │ v1.1.2        │ runc: incorrect handling of inheritable capabilities       │
│                                │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-29162                 │
│                                ├────────────────┤          │                   ├───────────────┼────────────────────────────────────────────────────────────┤
│                                │ CVE-2023-27561 │          │                   │ v1.1.5        │ runc: volume mount race condition (regression of           │
│                                │                │          │                   │               │ CVE-2019-19921)                                            │
│                                │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-27561                 │
│                                ├────────────────┼──────────┤                   ├───────────────┼────────────────────────────────────────────────────────────┤
│                                │ CVE-2022-24769 │ MEDIUM   │                   │ v1.1.2        │ moby: Default inheritable capabilities for linux container │
│                                │                │          │                   │               │ should be empty                                            │
│                                │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-24769                 │
└────────────────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

VS

```text
$ trivy image --ignore-unfixed bitnami/postgresql:15.2.0-debian-11-r23

bitnami/postgresql:15.2.0-debian-11-r23 (debian 11.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

From now on,
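The before/after scan above is compared by eye; in a pipeline the same comparison is usually done on `trivy image -f json` output. The script below is an added example, not code from this thread or from the Bitnami project: it parses a Trivy JSON report with the `--ignore-unfixed` semantics used above (findings with no `FixedVersion` are dropped), prints the per-target `Total:` lines, and fails on HIGH/CRITICAL findings restricted to the `gobinary` scanner type, which is how vendored-module findings inside a static Go binary such as gosu are separated from the OS package layer. The field names (`Results`, `Target`, `Type`, `Vulnerabilities`, `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`) are those of Trivy's JSON schema version 2; the embedded report is constructed from the r22 table above plus one placeholder entry with no fix, added only to show the ignore-unfixed path.

```python
"""Gate a Trivy JSON report (trivy image -f json ...) on per-target severity totals.

Reproduces the r22/r23 comparison shown in the thread: --ignore-unfixed semantics,
trivy-style 'Total:' lines per target, and a hard fail on HIGH/CRITICAL findings in
a chosen scanner type (here 'gobinary', the type Trivy reports for static Go binaries).
"""
import json
import sys
from collections import Counter

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample modelled on the r22 scan in the thread; not a real trivy capture.
# The last entry is a placeholder with no fix available (not a real CVE), included
# only so that the --ignore-unfixed path is exercised.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "bitnami/postgresql:15.2.0-debian-11-r22",
    "Results": [
        {"Target": "bitnami/postgresql:15.2.0-debian-11-r22 (debian 11.6)",
         "Class": "os-pkgs", "Type": "debian", "Vulnerabilities": []},
        {"Target": "opt/bitnami/common/bin/gosu", "Class": "lang-pkgs", "Type": "gobinary",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2022-29162", "PkgName": "github.com/opencontainers/runc",
              "InstalledVersion": "v1.1.0", "FixedVersion": "v1.1.2", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2023-27561", "PkgName": "github.com/opencontainers/runc",
              "InstalledVersion": "v1.1.0", "FixedVersion": "v1.1.5", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2022-24769", "PkgName": "github.com/opencontainers/runc",
              "InstalledVersion": "v1.1.0", "FixedVersion": "v1.1.2", "Severity": "MEDIUM"},
             {"VulnerabilityID": "EXAMPLE-UNFIXED-0001", "PkgName": "example.invalid/placeholder",
              "InstalledVersion": "v0.1.0", "FixedVersion": "", "Severity": "CRITICAL"},
         ]},
    ],
})


def parse_report(report_json, ignore_unfixed=True):
    """Return {target: [finding, ...]}, keeping every Result even when it has no findings.

    With ignore_unfixed=True this mirrors trivy's --ignore-unfixed flag: a finding whose
    FixedVersion is empty (no upstream fix yet) is skipped.
    """
    report = json.loads(report_json)
    by_target = {}
    for result in report.get("Results", []):
        findings = []
        for vuln in result.get("Vulnerabilities") or []:
            fixed = vuln.get("FixedVersion") or ""
            if ignore_unfixed and not fixed:
                continue
            findings.append({
                "target": result.get("Target", ""),
                "type": result.get("Type", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": fixed,
                "severity": str(vuln.get("Severity", "UNKNOWN")).upper(),
            })
        by_target[result.get("Target", "")] = findings
    return by_target


def total_line(findings):
    """Render trivy's 'Total: N (UNKNOWN: .., LOW: .., ..., CRITICAL: ..)' summary."""
    counts = Counter(f["severity"] for f in findings)
    parts = ", ".join(f"{sev}: {counts.get(sev, 0)}" for sev in SEVERITY_RANK)
    return f"Total: {len(findings)} ({parts})"


def gate(by_target, fail_on="HIGH", only_type=None):
    """Findings at or above fail_on severity, optionally restricted to one scanner type."""
    threshold = SEVERITY_RANK[fail_on]
    hits = []
    for findings in by_target.values():
        for f in findings:
            if only_type is not None and f["type"] != only_type:
                continue
            if SEVERITY_RANK.get(f["severity"], 0) >= threshold:
                hits.append(f)
    return hits


def main(argv):
    """Read a report path from argv (or use the constructed sample); exit 1 on blocking findings."""
    raw = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    by_target = parse_report(raw)
    for target, findings in by_target.items():
        print(f"{target}\n{total_line(findings)}\n")
    blocking = gate(by_target, fail_on="HIGH", only_type="gobinary")
    for f in blocking:
        print(f"BLOCK {f['id']} {f['severity']} {f['pkg']} {f['installed']} -> {f['fixed']}")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python gate.py report.json` after `trivy image --ignore-unfixed -f json -o report.json <image>`; with no argument it runs over the constructed sample and exits non-zero, because two HIGH runc findings remain in the `gobinary` target. Restricting the gate to one scanner type is deliberate: it lets a team decide separately whether a finding in a helper binary that is never executed (the thread notes gosu is only used when the container starts as root) should block the same way a finding in the OS package layer does.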
Name and Version

bitnami/tomcat:10.1.1

What is the problem this feature will solve?

Remove high and critical vulnerabilities found in `/opt/bitnami/common/bin/gosu`, compiled with go-1.16.7.

What is the feature you are proposing to solve the problem?

Update gosu to bump the go version to resolve these findings.

What alternatives have you considered?

Sorry for the issue template. I know this is not what this typically is for.

We are using the bitnami/tomcat:10.1.1 image and our scan tools are picking up a bunch of high and crit findings in regards to go from `/opt/bitnami/common/bin/gosu`. Is it possible to bump y'all's version of gosu to help with these findings?

Please let me know if you need me to provide any more information or details.

W/r
Colton