Build new image with latest perl-base version #92

Closed
vukor opened this issue Aug 12, 2020 · 2 comments

vukor commented Aug 12, 2020

Hello, could you please build a new image with the latest perl-base version?

The latest image has a vulnerable perl package (see https://security-tracker.debian.org/tracker/CVE-2020-12723, https://security-tracker.debian.org/tracker/CVE-2020-10543):

docker run --rm criteord/cassandra_exporter:2.3.5 apt show perl-base | grep Version:

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Version: 5.28.1-6

How to fix:

$ docker run --rm criteord/cassandra_exporter:2.3.5 sh -c 'apt update ; apt install perl-base; apt show perl-base | grep Version:'

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
Get:3 http://security.debian.org/debian-security buster/updates/main amd64 Packages [218 kB]
Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7906 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [7868 B]
Fetched 8372 kB in 7s (1147 kB/s)
Reading package lists...
Building dependency tree...
Reading state information...
11 packages can be upgraded. Run 'apt list --upgradable' to see them.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following package was automatically installed and is no longer required:
  lsb-base
Use 'apt autoremove' to remove it.
Suggested packages:
  perl sensible-utils
The following packages will be upgraded:
  perl-base
1 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
Need to get 1514 kB of archives.
After this operation, 12.3 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 perl-base amd64 5.28.1-6+deb10u1 [1514 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 1514 kB in 2s (955 kB/s)
(Reading database ... 6929 files and directories currently installed.)
Preparing to unpack .../perl-base_5.28.1-6+deb10u1_amd64.deb ...
Unpacking perl-base (5.28.1-6+deb10u1) over (5.28.1-6) ...
Setting up perl-base (5.28.1-6+deb10u1) ...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Version: 5.28.1-6+deb10u1

Thank you.

Contributor

erebe commented Aug 14, 2020

Hello,
I rebuilt a new docker image, criteord/cassandra_exporter:2.3.6, which should contain the fix. Can you confirm that it is OK for you?

https://hub.docker.com/layers/criteord/cassandra_exporter/2.3.6/images/sha256-f64a13d0e40dfc54fe966eb2273397569fb680d834baaab7ad88093d520fc9e6?context=explore

Author

vukor commented Aug 17, 2020

@erebe
Hello, looks good:

root@5a8fad2621a5:/# apt-cache madison perl-base
 perl-base | 5.28.1-6+deb10u1 | http://deb.debian.org/debian buster/main amd64 Packages

root@5a8fad2621a5:/# apt show perl-base | grep Version:

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Version: 5.28.1-6+deb10u1

Thanks a lot!

@vukor vukor closed this as completed Aug 17, 2020