Vulnerability patch in hub #3247

Merged
merged 1 commit into from
Oct 16, 2023

@jupyterhub-bot jupyterhub-bot commented Oct 9, 2023

A rebuild of jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in jupyterhub/k8s-hub:3.1.1-0.dev.git.6350.h8210880f.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| debian | CVE-2023-27533 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27533 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27533 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27534 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27534 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27534 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27535 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27535 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27535 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27536 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27536 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27536 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27538 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27538 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-27538 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u8 |
| debian | CVE-2023-28321 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-28321 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-28321 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-28322 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-28322 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-28322 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u9 |
| debian | CVE-2023-29491 | libncursesw6 | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
| debian | CVE-2023-29491 | libtinfo6 | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
| debian | CVE-2023-29491 | ncurses-base | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
| debian | CVE-2023-29491 | ncurses-bin | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
| debian | CVE-2023-3446 | libssl1.1 | 1.1.1n-0+deb11u5 | 1.1.1v-0~deb11u1 |
| debian | CVE-2023-3446 | openssl | 1.1.1n-0+deb11u5 | 1.1.1v-0~deb11u1 |
| debian | CVE-2023-36054 | libgssapi-krb5-2 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
| debian | CVE-2023-36054 | libk5crypto3 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
| debian | CVE-2023-36054 | libkrb5-3 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
| debian | CVE-2023-36054 | libkrb5support0 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
| debian | CVE-2023-3817 | libssl1.1 | 1.1.1n-0+deb11u5 | 1.1.1v-0~deb11u1 |
| debian | CVE-2023-3817 | openssl | 1.1.1n-0+deb11u5 | 1.1.1v-0~deb11u1 |
| debian | CVE-2023-38545 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-38545 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-38545 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-38546 | curl | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-38546 | libcurl3-gnutls | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-38546 | libcurl4 | 7.74.0-1.3+deb11u7 | 7.74.0-1.3+deb11u10 |
| debian | CVE-2023-4911 | libc-bin | 2.31-13+deb11u6 | 2.31-13+deb11u7 |
| debian | CVE-2023-4911 | libc6 | 2.31-13+deb11u6 | 2.31-13+deb11u7 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Oct 9, 2023
@consideRatio consideRatio merged commit 0070eb5 into main Oct 16, 2023
13 checks passed
@consideRatio consideRatio deleted the vuln-scan-hub branch October 16, 2023 05:31
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Oct 16, 2023