Code Review / ric-plt / dbaas.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (from: 1194d3a)
Fix security issues in DBAAS docker image 36/6236/1 0.5.2
authorTimo Tietavainen <timo.tietavainen@nokia.com>
Fri, 4 Jun 2021 19:08:55 +0000 (22:08 +0300)
committerTimo Tietavainen <timo.tietavainen@nokia.com>
Fri, 4 Jun 2021 19:32:21 +0000 (22:32 +0300)
Anchore scan reported some security issues reported at CVE to exist in DBAAS
base Docker image, Alpine 3.11. To fix the issues update these packages to
DBAAS image on top of the Alpine 3.11:

openssl (fixed in: 1.1.1k-r0)(CVE-2021-3449)
openssl (fixed in: 1.1.1k-r0)(CVE-2021-3450)
libssl1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3449)
libssl1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3450)
libcrypto1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3449)
libcrypto1.1 (fixed in: 1.1.1k-r0)(CVE-2021-3450)
musl-utils (fixed in: 1.1.24-r3)(CVE-2020-28928)
ssl_client (fixed in: 1.31.1-r10)(CVE-2021-28831)
busybox (fixed in: 1.31.1-r10)(CVE-2021-28831)

Remove the install of the curl package what does not seem to be mandatory for
DBAAS operations to exists. This also minimize possible security issues with
curl in the future.

Issue-ID: RIC-794

Signed-off-by: Timo Tietavainen <timo.tietavainen@nokia.com>
Change-Id: I70d847f6438397d1f81bb3d6eb51e0c6f4dc2a57


No differences found