Upgrade openssl to 1.1.1g-r0
0xMAYANK opened this issue · 0 comments
0xMAYANK commented
The current build (v0.3.0) uses alpine:3.10 as its base image.
The alpine version comes with an outdated openssl preinstalled.
I'll raise a PR to do the upgrade and address this vulnerability, CVE-2020-1967.
➜ trivy quay.io/jetstack/kube-oidc-proxy:v0.3.0
2020-08-06T16:26:19.354+0530 INFO Detecting Alpine vulnerabilities...
quay.io/jetstack/kube-oidc-proxy:v0.3.0 (alpine 3.10.4)
=======================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2020-1967    | MEDIUM   | 1.1.1d-r2         | 1.1.1g-r0     | openssl: Segmentation fault in |
|         |                  |          |                   |               | SSL_check_chain causes denial  |
|         |                  |          |                   |               | of service                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
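The scanner row above reduces to one question a CI gate has to answer: is the installed Alpine package version (1.1.1d-r2) older than the fixed one (1.1.1g-r0)? The script below is an added example, not code from the kube-oidc-proxy project or from the issue author; it implements that comparison in POSIX sh for the version shape Alpine uses for OpenSSL 1.1.1 (`<major>.<minor>.<patch><single letter?>-r<revision>`), which is an assumption of this example, as are the function names `split_version`, `version_cmp` and `needs_upgrade`. It runs offline on the two versions taken from the trivy table.

```sh
#!/bin/sh
# Added example (not project code): decide whether an Alpine-packaged OpenSSL
# build is older than the version trivy reports as fixed.
# Assumed version shape: 1.1.1d-r2  ->  1.1.1 + letter "d" + package revision 2.
# Only a single trailing release letter is handled (the OpenSSL 1.1.1 scheme).

# split_version VERSION -> prints "MAJOR MINOR PATCH LETTER_ORD REV"
# A missing letter maps to 0 (1.1.1 sorts before 1.1.1a); a missing -rN to 0.
split_version() {
    v=$1
    case $v in
        *-r*) rev=${v##*-r} ;;
        *)    rev=0 ;;
    esac
    up=${v%-r*}                 # upstream part, e.g. 1.1.1d
    letter=${up##*[0-9]}        # text after the last digit: "d" or ""
    num=${up%"$letter"}         # dotted numeric part: 1.1.1
    if [ -n "$letter" ]; then
        lord=$(printf '%d' "'$letter")   # ASCII ordinal, so 'd' (100) < 'g' (103)
    else
        lord=0
    fi
    oldifs=$IFS; IFS=.; set -- $num; IFS=$oldifs
    echo "${1:-0} ${2:-0} ${3:-0} $lord $rev"
}

# version_cmp A B -> prints -1 if A < B, 0 if equal, 1 if A > B
version_cmp() {
    a=$(split_version "$1")
    b=$(split_version "$2")
    set -- $a
    for bf in $b; do
        af=$1; shift
        if [ "$af" -lt "$bf" ]; then echo -1; return; fi
        if [ "$af" -gt "$bf" ]; then echo 1; return; fi
    done
    echo 0
}

# needs_upgrade INSTALLED FIXED -> exit 0 when INSTALLED is older than FIXED
needs_upgrade() {
    [ "$(version_cmp "$1" "$2")" = -1 ]
}

# Values taken from the trivy output in the issue.
installed=1.1.1d-r2
fixed=1.1.1g-r0
if needs_upgrade "$installed" "$fixed"; then
    echo "openssl $installed is older than the fixed $fixed: rebuild on a patched base"
else
    echo "openssl $installed is already at or above $fixed"
fi
```

For the actual remediation the comparison only tells you a rebuild is due; the fix is either a newer alpine base tag that already carries 1.1.1g-r0 or, in the Dockerfile, `RUN apk upgrade --no-cache openssl` after the base image line, followed by `apk info -v openssl` in the built image to confirm the package now reports 1.1.1g-r0 or later before re-running trivy.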