Switch to Debian 11 (bullseye) in order to remediate multiple vulnerabilities #2

Open
mashayev wants to merge 4 commits into master from eddie.switch_to_debian

@mashayev

Before:

$ grype --only-fixed mishasel/prometheus_amqp_proxy

NAME          INSTALLED  FIXED-IN    TYPE  VULNERABILITY   SEVERITY
busybox       1.24.2-r8  1.24.2-r13  apk   CVE-2017-16544  High
busybox       1.24.2-r8  1.24.2-r12  apk   CVE-2016-6301   High
busybox       1.24.2-r8  1.24.2-r13  apk   CVE-2017-15873  Medium
libcrypto1.0  1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-6303   Critical
libcrypto1.0  1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-2182   Critical
libcrypto1.0  1.0.2h-r0  1.0.2h-r1   apk   CVE-2016-2177   Critical
libcrypto1.0  1.0.2h-r0  1.0.2o-r1   apk   CVE-2018-0732   High
libcrypto1.0  1.0.2h-r0  1.0.2k-r0   apk   CVE-2017-3731   High
libcrypto1.0  1.0.2h-r0  1.0.2j-r0   apk   CVE-2016-7052   High
libcrypto1.0  1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-6304   High
libcrypto1.0  1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-6302   High
libcrypto1.0  1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-2183   High
libcrypto1.0  1.0.2h-r0  1.0.2h-r4   apk   CVE-2016-2181   High
libcrypto1.0  1.0.2h-r0  1.0.2h-r2   apk   CVE-2016-2180   High
libcrypto1.0  1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-2179   High
libcrypto1.0  1.0.2h-r0  1.0.2q-r0   apk   CVE-2018-5407   Medium
libcrypto1.0  1.0.2h-r0  1.0.2o-r0   apk   CVE-2018-0739   Medium
libcrypto1.0  1.0.2h-r0  1.0.2o-r2   apk   CVE-2018-0737   Medium
libcrypto1.0  1.0.2h-r0  1.0.2q-r0   apk   CVE-2018-0734   Medium
libcrypto1.0  1.0.2h-r0  1.0.2o-r0   apk   CVE-2018-0733   Medium
libcrypto1.0  1.0.2h-r0  1.0.2n-r0   apk   CVE-2017-3738   Medium
libcrypto1.0  1.0.2h-r0  1.0.2n-r0   apk   CVE-2017-3737   Medium
libcrypto1.0  1.0.2h-r0  1.0.2m-r0   apk   CVE-2017-3736   Medium
libcrypto1.0  1.0.2h-r0  1.0.2m-r0   apk   CVE-2017-3735   Medium
libcrypto1.0  1.0.2h-r0  1.0.2k-r0   apk   CVE-2017-3732   Medium
libcrypto1.0  1.0.2h-r0  1.0.2k-r0   apk   CVE-2016-7055   Medium
libcrypto1.0  1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-6306   Medium
libcrypto1.0  1.0.2h-r0  1.0.2h-r1   apk   CVE-2016-2178   Medium
libssl1.0     1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-6303   Critical
libssl1.0     1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-2182   Critical
libssl1.0     1.0.2h-r0  1.0.2h-r1   apk   CVE-2016-2177   Critical
libssl1.0     1.0.2h-r0  1.0.2o-r1   apk   CVE-2018-0732   High
libssl1.0     1.0.2h-r0  1.0.2k-r0   apk   CVE-2017-3731   High
libssl1.0     1.0.2h-r0  1.0.2j-r0   apk   CVE-2016-7052   High
libssl1.0     1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-6304   High
libssl1.0     1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-6302   High
libssl1.0     1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-2183   High
libssl1.0     1.0.2h-r0  1.0.2h-r4   apk   CVE-2016-2181   High
libssl1.0     1.0.2h-r0  1.0.2h-r2   apk   CVE-2016-2180   High
libssl1.0     1.0.2h-r0  1.0.2h-r3   apk   CVE-2016-2179   High
libssl1.0     1.0.2h-r0  1.0.2q-r0   apk   CVE-2018-5407   Medium
libssl1.0     1.0.2h-r0  1.0.2o-r0   apk   CVE-2018-0739   Medium
libssl1.0     1.0.2h-r0  1.0.2o-r2   apk   CVE-2018-0737   Medium
libssl1.0     1.0.2h-r0  1.0.2q-r0   apk   CVE-2018-0734   Medium
libssl1.0     1.0.2h-r0  1.0.2o-r0   apk   CVE-2018-0733   Medium
libssl1.0     1.0.2h-r0  1.0.2n-r0   apk   CVE-2017-3738   Medium
libssl1.0     1.0.2h-r0  1.0.2n-r0   apk   CVE-2017-3737   Medium
libssl1.0     1.0.2h-r0  1.0.2m-r0   apk   CVE-2017-3736   Medium
libssl1.0     1.0.2h-r0  1.0.2m-r0   apk   CVE-2017-3735   Medium
libssl1.0     1.0.2h-r0  1.0.2k-r0   apk   CVE-2017-3732   Medium
libssl1.0     1.0.2h-r0  1.0.2k-r0   apk   CVE-2016-7055   Medium
libssl1.0     1.0.2h-r0  1.0.2i-r0   apk   CVE-2016-6306   Medium
libssl1.0     1.0.2h-r0  1.0.2h-r1   apk   CVE-2016-2178   Medium
musl          1.1.14-r9  1.1.14-r13  apk   CVE-2016-8859   Critical
musl          1.1.14-r9  1.1.14-r16  apk   CVE-2017-15650  High
musl-utils    1.1.14-r9  1.1.14-r13  apk   CVE-2016-8859   Critical
musl-utils    1.1.14-r9  1.1.14-r16  apk   CVE-2017-15650  High
zlib          1.2.8-r2   1.2.11-r0   apk   CVE-2016-9843   Critical
zlib          1.2.8-r2   1.2.11-r0   apk   CVE-2016-9841   Critical
zlib          1.2.8-r2   1.2.11-r0   apk   CVE-2016-9842   High
zlib          1.2.8-r2   1.2.11-r0   apk   CVE-2016-9840   High

After:

$ grype --only-fixed my_prometheus_amqp_proxy

No vulnerabilities found

@mashayev requested review from jeff-armis and moshe, May 16, 2024 14:44
@mashayev
Author

It wasn't tested yet. This is just a POC... I will update once it is tested and working as it is supposed to.
CC: @moshe / @jeff-armis
