Skip to content

Vulnerability patch in network-tools #3624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 17, 2025
Merged

Vulnerability patch in network-tools #3624

merged 1 commit into from
Feb 17, 2025

Conversation

jupyterhub-bot
Copy link
Collaborator

A rebuild of quay.io/jupyterhub/k8s-network-tools has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-network-tools:4.1.1-0.dev.git.6911.h470c6909.

Target Vuln. ID Package Name Installed v. Fixed v.
alpine CVE-2024-13176 libcrypto3 3.1.7-r1 3.1.8-r0
alpine CVE-2024-13176 libssl3 3.1.7-r1 3.1.8-r0
alpine CVE-2025-26519 musl 1.2.4-r2 1.2.4-r3
alpine CVE-2025-26519 musl-utils 1.2.4-r2 1.2.4-r3

After

Target Vuln. ID Package Name Installed v. Fixed v.

@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-network-tools branch from fe8af11 to 138f95a Compare February 17, 2025 05:05
@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Feb 17, 2025
@manics manics merged commit de442bc into main Feb 17, 2025
14 checks passed
@manics manics deleted the vuln-scan-network-tools branch February 17, 2025 09:33
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Feb 17, 2025
[jupyterhub] Automatic update for commit 4.1.1-0.dev.git.6954.hde442bc5
7f02f45 
jupyterhub/zero-to-jupyterhub-k8s#3624 Merge pull request #3624 from jupyterhub/vuln-scan-network-tools
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@consideRatio consideRatio Awaiting requested review from consideRatio

Assignees
No one assigned
Labels
image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jupyterhub-bot @manics