This repository was archived by the owner on May 17, 2024. It is now read-only.
This repository was archived by the owner on May 17, 2024. It is now read-only.
Upgrade openssl to 1.1.1g-r0 #163
Description
Current build(v0.3.0) uses alpine:3.10 as its base image.
The alpine version comes with an outdated openssl preinstalled.
I'll raise a PR to do the upgrade & address this vulnerability CVE-2020-1967.
➜ trivy quay.io/jetstack/kube-oidc-proxy:v0.3.0
2020-08-06T16:26:19.354+0530 INFO Detecting Alpine vulnerabilities...
quay.io/jetstack/kube-oidc-proxy:v0.3.0 (alpine 3.10.4)
=======================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2020-1967 | MEDIUM | 1.1.1d-r2 | 1.1.1g-r0 | openssl: Segmentation fault in |
| | | | | | SSL_check_chain causes denial |
| | | | | | of service |
+---------+------------------+----------+-------------------+---------------+--------------------------------+