Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2021/06/28 12:53:49 UTC
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
padma81 opened a new issue #2746:
URL: https://github.com/apache/bookkeeper/issues/2746
**BUG REPORT**
***Vulnerability scanning of BookKeeper image shows security issues***
The BookKeeper 4.12.1 Docker image, when put through vulnerability scanning, shows a lot of Critical/High severity issues in the CentOS 7 image. Most of these CVEs are not fixed in CentOS 7 and the suggestion is to upgrade to CentOS 8. Please find below the list of Critical/High CVEs:
CVE-2009-5155
CVE-2014-9114
CVE-2015-8540
CVE-2015-8948
CVE-2015-8982
CVE-2016-10087
CVE-2016-10109
CVE-2016-1234
CVE-2016-4483
CVE-2016-5300
CVE-2016-6261
CVE-2016-6262
CVE-2016-6263
CVE-2016-6318
CVE-2016-6321
CVE-2016-8615
CVE-2016-8617
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
CVE-2016-9586
CVE-2017-0663
CVE-2017-1000254
CVE-2017-10684
CVE-2017-10790
CVE-2017-13728
CVE-2017-13729
CVE-2017-13730
CVE-2017-13731
CVE-2017-13732
CVE-2017-13733
CVE-2017-16879
CVE-2017-16932
CVE-2017-18078
CVE-2017-6004
CVE-2017-6891
CVE-2017-7501
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
CVE-2017-9233
CVE-2018-1123
CVE-2018-16429
CVE-2018-6003
CVE-2018-6954
CVE-2018-8740
CVE-2019-13012
CVE-2019-13050
CVE-2019-13115
CVE-2019-13117
CVE-2019-13118
CVE-2019-13565
CVE-2019-19906
CVE-2019-19924
CVE-2019-3842
CVE-2019-3843
CVE-2019-3844
CVE-2019-9923
CVE-2020-1752
CVE-2020-23922
CVE-2020-25709
CVE-2020-25710
CVE-2020-27619
CVE-2020-28196
CVE-2020-29361
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2020-8231
CVE-2020-8285
CVE-2021-20294
CVE-2021-23240
CVE-2021-23840
CVE-2021-27212
CVE-2021-27218
CVE-2021-3517
CVE-2021-3518
***Expected behavior***
All the above CVEs should not be reflected once upgraded to CentOS 8.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] eolivelli commented on issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
Posted by GitBox <gi...@apache.org>.
eolivelli commented on issue #2746:
URL: https://github.com/apache/bookkeeper/issues/2746#issuecomment-870875714
Are you interested in sending a PR?
The Dockerfile is in the docker directory.
[GitHub] [bookkeeper] timjbutler commented on issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
Posted by GitBox <gi...@apache.org>.
timjbutler commented on issue #2746:
URL: https://github.com/apache/bookkeeper/issues/2746#issuecomment-870661975
CentOS hasn't pushed a version in 5 months at this point. (https://hub.docker.com/_/centos?tab=tags&page=1&ordering=last_updated)
I don't know how the changes in the CentOS project will change support for the CentOS base image, but moving to a non-CentOS base image with a higher level of support could be considered.