vulnerabilities in libcrypto and libssl libraries

Question

marianobilli opened this issue 2 years ago · 3 comments

Upon running a trivy vulnerability scan with

docker run --rm -v trivy-cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image kiwigrid/k8s-sidecar

Both libraries should be bumped to, at least, version 1.1.1t-r2

Thanks

Answer 1 · 2023-04-03T16:40:33.000Z

Thanks for the report, can you please check whether our upstream base image is affected as well?

Answer 2 · 2023-08-08T07:59:53.000Z

This issue is solved with the actual image, I think, but there are new findings.
see: #299

But I think this issue can be closed.

Answer 3 · 2023-08-09T20:53:45.000Z

yeah, let me close this issue and we'll continue it in #299