An Anchore scan reported that some security issues listed as CVEs exist in the
DBAAS base Docker image, Alpine 3.11. To fix the issues, update these packages
in the DBAAS image on top of Alpine 3.11:
openssl (fixed in: 1.1.1k-r0)(CVE-2021-3449)
openssl (fixed in: 1.1.1k-r0)(CVE-2021-3450)
libssl1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3449)
libssl1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3450)
libcrypto1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3449)
libcrypto1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3450)
musl-utils (fixed in: 1.1.24-r3)(CVE-2020-28928)
ssl_client (fixed in: 1.31.1-r10)(CVE-2021-28831)
busybox (fixed in: 1.31.1-r10)(CVE-2021-28831)
Remove the install of the curl package, which does not seem to be mandatory for
DBAAS operations. This also minimizes possible security issues with
curl in the future.
Issue-ID: RIC-794
Signed-off-by: Timo Tietavainen <timo.tietavainen@nokia.com>
Change-Id: I70d847f6438397d1f81bb3d6eb51e0c6f4dc2a57
# This file is expected to be in the docker build directory;
# can be moved with suitable JJB configuration.
---
# This file is expected to be in the docker build directory;
# can be moved with suitable JJB configuration.
---
FROM redis:5.0.9-alpine3.11 as build
FROM redis:5.0.9-alpine3.11 as build
-RUN apk add --upgrade openssl
-RUN apk add curl
+RUN apk --update add --upgrade --no-cache openssl ssl_client musl-utils busybox
+
COPY --from=build-env /usr/local/libexec/redismodule/libredismodule.so /usr/local/libexec/redismodule/libredismodule.so
WORKDIR /data
COPY --from=build-env /usr/local/libexec/redismodule/libredismodule.so /usr/local/libexec/redismodule/libredismodule.so
WORKDIR /data
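Review bot: the added `RUN apk --update add --upgrade --no-cache openssl ssl_client musl-utils busybox` line sets no version floor, so the build succeeds even when the repository index at build time still serves versions older than the fixed ones named in the commit message (1.1.1k-r0, 1.31.1-r10, 1.1.24-r3). Consider adding constraints such as `openssl>=1.1.1k-r0` and `busybox>=1.31.1-r10` so that a stale mirror fails the build instead of shipping the vulnerable packages. libssl1.1 and libcrypto1.1 are listed in the commit message but not on this line; they are only upgraded as dependencies of openssl, so naming them explicitly would make the intent checkable against the scan report. `--update` is also redundant next to `--no-cache`.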
Version history
---------------
Version history
---------------
+[0.5.2] - 2021-06-04
+
+* Upgrade packages to fix possible security vulnerability reported in Alpine base image.
+
[0.5.1] - 2021-02-25
* Upgrade SSL version to 1.1.1j-r0 to fix possible SSL security vulnerability.
[0.5.1] - 2021-02-25
* Upgrade SSL version to 1.1.1j-r0 to fix possible SSL security vulnerability.
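Review bot: the new 0.5.2 entry does not record that curl is no longer installed in the image, although the Dockerfile change in this commit drops `RUN apk add curl`. Anyone who calls curl inside the container would only find out at runtime; suggest a second bullet such as `* Remove curl package from the image.` Naming the fixed CVEs (CVE-2021-3449, CVE-2021-3450, CVE-2020-28928, CVE-2021-28831) in the first bullet would also be more useful than "possible security vulnerability".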