jetstack/kube-oidc-proxy

Upgrade openssl to 1.1.1g-r0

0xMAYANK opened this issue · 0 comments

Current build (v0.3.0) uses alpine:3.10 as its base image.
The alpine version comes with an outdated openssl preinstalled.
I'll raise a PR to do the upgrade & address this vulnerability, CVE-2020-1967.

➜ trivy quay.io/jetstack/kube-oidc-proxy:v0.3.0
2020-08-06T16:26:19.354+0530    INFO    Detecting Alpine vulnerabilities...

quay.io/jetstack/kube-oidc-proxy:v0.3.0 (alpine 3.10.4)
=======================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2020-1967    | MEDIUM   | 1.1.1d-r2         | 1.1.1g-r0     | openssl: Segmentation fault in |
|         |                  |          |                   |               | SSL_check_chain causes denial  |
|         |                  |          |                   |               | of service                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
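A check for the fix described above, added here as an example and not part of the issue or the kube-oidc-proxy project: it compares the package versions listed by `apk info -v` in the image against the fixed version from the trivy finding, using a simplified model of apk's version ordering (dotted numbers, optional letter, optional _alpha/_beta/_pre/_rc/_p suffix, then -rN). The finding dict and the apk lines are constructed inputs; the finding mirrors the trivy row shown in the issue.

```python
import re

# Constructed sample inputs (not captured from the project): the trivy row from
# this issue, and `apk info -v` style lines ("<name>-<version>") for the image
# before and after the openssl upgrade.
FINDINGS = [
    {"pkg": "openssl", "id": "CVE-2020-1967", "fixed": "1.1.1g-r0"},
]
APK_INFO_BEFORE = ["musl-1.1.22-r3", "openssl-1.1.1d-r2", "ca-certificates-20191127-r2"]
APK_INFO_AFTER = ["musl-1.1.22-r3", "openssl-1.1.1g-r0", "ca-certificates-20191127-r2"]

_VER_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z])?(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")
_SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}


def parse_apk_version(v):
    """Turn an Alpine package version into a tuple that compares in apk order.
    Simplified model of apk's rules: dotted numbers, optional single letter
    (1.1.1d < 1.1.1g), optional _alpha/_beta/_pre/_rc/_p suffix, then -rN."""
    m = _VER_RE.match(v)
    if not m:
        raise ValueError(f"unsupported apk version string: {v}")
    nums, letter, suffix, suffix_n, rel = m.groups()
    return (tuple(int(x) for x in nums.split(".")),
            ord(letter) - ord("a") + 1 if letter else 0,
            _SUFFIX_RANK[suffix],
            int(suffix_n or 0),
            int(rel or 0))


def split_apk_info_line(line):
    """Split '<name>-<version>' at the first '-' followed by a digit
    (package names may contain '-', versions always start with a digit)."""
    m = re.match(r"^(.+?)-(\d.*)$", line)
    if not m:
        raise ValueError(f"unexpected apk info line: {line}")
    return m.group(1), m.group(2)


def unfixed_findings(apk_info_lines, findings):
    """Return the IDs of findings whose package is installed below the fixed version."""
    installed = dict(split_apk_info_line(l) for l in apk_info_lines)
    return [f["id"] for f in findings
            if f["pkg"] in installed
            and parse_apk_version(installed[f["pkg"]]) < parse_apk_version(f["fixed"])]
```

Running `unfixed_findings` against the before/after package lists returns `["CVE-2020-1967"]` for the v0.3.0 image and `[]` once openssl is at 1.1.1g-r0 or later.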