Vulnerability patch in hub #3466

Merged
merged 1 commit into from
Jul 30, 2024

jupyterhub-bot
Collaborator

A rebuild of quay.io/jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-hub:4.0.0-0.dev.git.6671.h1de7d9be.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| debian | CVE-2024-1737 | bind9-dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1737 | bind9-host | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1737 | bind9-libs | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1737 | dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1975 | bind9-dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1975 | bind9-host | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1975 | bind9-libs | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-1975 | dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-4076 | bind9-dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-4076 | bind9-host | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-4076 | bind9-libs | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | CVE-2024-4076 | dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u1 |
| debian | DSA-5734-2 | bind9-dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u2 |
| debian | DSA-5734-2 | bind9-host | 1:9.18.24-1 | 1:9.18.28-1~deb12u2 |
| debian | DSA-5734-2 | bind9-libs | 1:9.18.24-1 | 1:9.18.28-1~deb12u2 |
| debian | DSA-5734-2 | dnsutils | 1:9.18.24-1 | 1:9.18.28-1~deb12u2 |
| node-pkg | CVE-2024-38999 | requirejs | 2.3.6 | 2.3.7 |
| python-pkg | CVE-2024-6345 | setuptools | 65.5.1 | 70.0.0 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| node-pkg | CVE-2024-38999 | requirejs | 2.3.6 | 2.3.7 |
| python-pkg | CVE-2024-6345 | setuptools | 65.5.1 | 70.0.0 |

jupyterhub-bot added the image:rebuild-to-patch-vuln label (Image rebuild to patch a known external vulnerability) on Jul 29, 2024
manics merged commit 13c355c into main on Jul 30, 2024
15 checks passed
manics deleted the vuln-scan-hub branch on July 30, 2024 08:36
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Jul 30, 2024