CVE-2024-2961 in `registry.k8s.io/build-image/distroless-iptables:v0.5.3`
What happened:
CVE in registry.k8s.io/build-image/distroless-iptables:v0.5.3 image
```
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/build-image/distroless-iptables:v0.5.3
2024-04-30T15:09:32.487-0700 INFO Vulnerability scanning is enabled
2024-04-30T15:09:32.488-0700 INFO Secret scanning is enabled
2024-04-30T15:09:32.488-0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-30T15:09:32.488-0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-04-30T15:09:33.787-0700 INFO Detected OS: debian
2024-04-30T15:09:33.788-0700 INFO Detecting Debian vulnerabilities...
2024-04-30T15:09:33.799-0700 INFO Number of language-specific files: 0
registry.k8s.io/build-image/distroless-iptables:v0.5.3 (debian 12.5)
Total: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0)
┌─────────┬───────────────┬──────────┬────────┬───────────────────┬────────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼───────────────┼──────────┼────────┼───────────────────┼────────────────┼────────────────────────────────────────────────────────┤
│ libc6 │ CVE-2024-2961 │ HIGH │ fixed │ 2.36-9+deb12u4 │ 2.36-9+deb12u6 │ glibc: Out of bounds write in iconv may lead to remote │
│ │ │ │ │ │ │ code... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-2961 │
└─────────┴───────────────┴──────────┴────────┴───────────────────┴────────────────┴────────────────────────────────────────────────────────┘
```
What you expected to happen:
New distroless-iptables images with CVEs resolved.