Is this a BUG REPORT or FEATURE REQUEST?:
Security vulnerabilities
What happened:
The latest openstorage/stork:2.11.0 has a number of high and medium vulnerabilities
Vulnerable Packages Found
=========================
Vulnerability ID   Policy Status   Affected Packages   How to Resolve
CVE-2022-29824     Active          libxml2             Upgrade libxml2 to >= 2.9.7-13.el8_6.1
CVE-2021-40528     Active          libgcrypt           Upgrade libgcrypt to >= 1.8.5-7.el8_6
CVE-2022-22576     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27774     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27776     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-27782     Active          curl, libcurl       Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-25313     Active          expat               Upgrade expat to >= 2.2.5-8.el8_6.2
CVE-2022-25314     Active          expat               Upgrade expat to >= 2.2.5-8.el8_6.2
What you expected to happen:
The security vulnerabilities are addressed
How to reproduce it (as minimally and precisely as possible):
Run vulnerability report for the openstorage/stork:2.11.0 docker image
Anything else we need to know?:
Environment:
- Kubernetes version (use kubectl version): 1.23.0
- Cloud provider or hardware configuration: IKS
- OS (e.g. from /etc/os-release): Ubuntu 18.04
- Kernel (e.g. uname -a): GNU/Linux 4.15.0-188-generic
- Install tools: https://docs.portworx.com/portworx-install-with-kubernetes/operate-and-maintain-on-kubernetes/upgrade/upgrade-daemonset/