Closed
Description
What happened:
CVE in registry.k8s.io/build-image/distroless-iptables:v0.6.2 image
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/build-image/distroless-iptables:v0.6.2
2024-09-02T23:44:36.552-0700 INFO Need to update DB
2024-09-02T23:44:36.553-0700 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-09-02T23:44:36.553-0700 INFO Downloading DB...
52.71 MiB / 52.71 MiB [-----------------------------------------------------------------------------------------------------] 100.00% 20.13 MiB p/s 2.8s
2024-09-02T23:44:40.496-0700 INFO Vulnerability scanning is enabled
2024-09-02T23:44:40.496-0700 INFO Secret scanning is enabled
2024-09-02T23:44:40.496-0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-02T23:44:40.496-0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-09-02T23:44:48.201-0700 INFO Detected OS: debian
2024-09-02T23:44:48.201-0700 INFO Detecting Debian vulnerabilities...
2024-09-02T23:44:48.209-0700 INFO Number of language-specific files: 0
registry.k8s.io/build-image/distroless-iptables:v0.6.2 (debian 12.6)
Total: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)
┌─────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────┬─────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │  Fixed Version   │                        Title                        │
├─────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────┤
│ libssl3 │ CVE-2024-4603 │ MEDIUM   │ fixed  │ 3.0.13-1~deb12u1  │ 3.0.14-1~deb12u1 │ openssl: Excessive time spent checking DSA keys and │
│         │               │          │        │                   │                  │ parameters                                          │
│         │               │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2024-4603           │
│         ├───────────────┤          │        │                   │                  ├─────────────────────────────────────────────────────┤
│         │ CVE-2024-4741 │          │        │                   │                  │ openssl: Use After Free with SSL_free_buffers       │
│         │               │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2024-4741           │
└─────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────┴─────────────────────────────────────────────────────┘
What you expected to happen:
New distroless-iptables images with CVEs resolved.