Address security vulnerabilities with openstorage/stork:2.11.0 #1126

Open
dvasilen opened this issue Jul 22, 2022 · 3 comments
Comments

@dvasilen

Is this a BUG REPORT or FEATURE REQUEST?:

Security vulnerabilities

What happened:

The latest openstorage/stork:2.11.0 has a number of high and medium vulnerabilities.

Vulnerable Packages Found
=========================

Vulnerability ID   Policy Status   Affected Packages   How to Resolve
CVE-2022-29824     Active          libxml2             Upgrade libxml2 to >= 2.9.7-13.el8_6.1
CVE-2021-40528     Active          libgcrypt           Upgrade libgcrypt to >= 1.8.5-7.el8_6
CVE-2022-22576     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27774     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27776     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27782     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-25313     Active          expat               Upgrade expat to >= 2.2.5-8.el8_6.2
CVE-2022-25314     Active          expat               Upgrade expat to >= 2.2.5-8.el8_6.2

What you expected to happen:
The security vulnerabilities are addressed.

How to reproduce it (as minimally and precisely as possible):
Run a vulnerability report for the openstorage/stork:2.11.0 docker image.

Anything else we need to know?:

Environment:

@adityadani
Contributor

Thanks for reporting the issue. We will look into it. Can you share which image scan tool you used to find these vulnerabilities?

@dvasilen
Author

We use IBM Vulnerability Advisor: https://cloud.ibm.com/docs/va/va_index.html?interface=ui

@dvasilen
Author

Here is the latest scan for openstorage/stork:2.11.2:

Image 'openstorage/stork:2.11.2' was last scanned on Wed Aug 10 08:30:05 UTC 2022
The scan results show that 4 ISSUES were found for the image.

Vulnerable Packages Found
=========================

Vulnerability ID   Policy Status   Affected Packages       How to Resolve
CVE-2022-1586      Active          pcre2                   Upgrade pcre2 to >= 10.32-3.el8_6
CVE-2022-1292      Active          openssl-libs, openssl   Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-2068      Active          openssl-libs, openssl   Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-2097      Active          openssl-libs, openssl   Upgrade 2 packages. Re-run command with --extended to view.

To see the details about the fixes for these packages, run the command again with the '--extended' flag.
