Comments (11)
Thanks for providing these images.
For the distroless-iptables, gcr.io/gke-release/distroless-iptables:v0.2.4-gke.7 does not have any critical/high/medium CVEs, but does have low CVEs.
For the base image, gcr.io/distroless/base-debian11@sha256:73deaaf6a207c1a33850257ba74e0f196bc418636cada9943a03d7abea980d6d has some low CVEs, but the one already checked in the code (gcr.io/distroless/static-debian11@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e) has 0 CVEs (no low as well).
I will only update the distroless-iptables.
from dns.
I've pushed the tag, we will promote the images to the k8s registry today-tomorrow.
from dns.
Thanks,
There are already newer images. Could you check 1.22.21?
There's also 1.22.22 tag, but it's not promoted so the image is not yet in the registry.
from dns.
1.22.21 also has the same CVEs mentioned. Like you mentioned, 1.22.22 is not accessible.
I doubt that 1.22.22 doesn't have the CVE because the base images that are used to build (gcr.io/gke-release/distroless-iptables:v0.2.4-gke.2@sha256:de81db8d3d8d61fcc13bae7b8d4b1ca1248f8e88356e500e7cd9f3f9a1d35cf4 and gcr.io/distroless/static-debian11@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e) have the CVEs in them.
https://github.com/kubernetes/dns/blob/1.22.22/rules.mk#LL34C14-L34C119
If you could provide me the newer base images that I can use, I would be happy to contribute. I am unable to list latest tags.
from dns.
Hmm, does the static-debian have the vulnerability? AFAIK it should have no ssl libs.
Could you check the latest image?
gcr.io/distroless/static-debian11@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e
Maybe base-debian is affected? As it should have the ssl libs.
As for the distroless-iptables, let me ask, maybe a fixed version will be released soon.
And thanks for the report!
from dns.
My bad, yes, gcr.io/distroless/static-debian11@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e is green (0 known CVE), only the distroless-iptables requires an update.
What open sourced repo is distroless-iptables part of?
from dns.
I've checked with the maintainers of the image. gcr.io/gke-release/distroless-iptables:v0.2.4-gke.7 has the fix already.
@i5haan could you help to check if the base-debian is affected?
And then to make a PR for both images (or only one if needed)? I'd approve and release a new tag.
Thanks!
from dns.
Latest base-debian is: gcr.io/distroless/base-debian11@sha256:73deaaf6a207c1a33850257ba74e0f196bc418636cada9943a03d7abea980d6d
from dns.
I'm just thinking, if we're updating distroless-iptables, then updating the base-debian to the latest won't hurt as well.
Could you please include the gcr.io/distroless/base-debian11@sha256:73deaaf6a207c1a33850257ba74e0f196bc418636cada9943a03d7abea980d6d (uploaded Jun 17, 2023, 2:19:59 PM) at line 32 in fed6049 in the PR as well?
from dns.
Oh, wait, the hash is the same for the base-debian. Yep, only distroless-iptables are for the update.
from dns.
Thanks for the approval! After the commit, when does it get released?
from dns.