docker-tor

Update base image

Open Goro2030 opened this issue 3 years ago • 10 comments

When doing a docker scan lncm/tor, the report throws out a LOT of critical vulnerabilities that need patching. At the bottom of the report, it recommends updating to Debian:11-slim to get rid of most of them.

Project name:      docker-image|lncm/tor
Docker image:      lncm/tor
Platform:          linux/amd64
Base image:        debian:10.10-slim

**Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.**

Base Image         Vulnerabilities  Severity
debian:10.10-slim  61               10 high, 6 medium, 45 low

Recommendations for base image upgrade:

Major upgrades
Base Image      Vulnerabilities  Severity
debian:11-slim  37               1 high, 2 medium, 34 low

Goro2030 avatar Sep 18 '21 15:09 Goro2030

Thanks for the feedback

nolim1t avatar Sep 18 '21 15:09 nolim1t

Testing this out. You may try nolim1t/tor:0.4.6.7 if you have an arm64 architecture, but will probably build 0.4.7.1-alpha soon for all architectures

nolim1t avatar Sep 19 '21 06:09 nolim1t

@nolim1t, man, you're absolutely awesome! Thanks a lot for building this. I'm switching NOW.

Goro2030 avatar Sep 19 '21 06:09 Goro2030

Why did the image grow 20 MB from 0.4.6 to 0.4.7? Did you leave any temp files in the build process in the final image maybe?

Goro2030 avatar Sep 19 '21 06:09 Goro2030

No idea, I guess the base image has other stuff in it.

nolim1t avatar Sep 19 '21 07:09 nolim1t

you can also wait for lncm/tor:0.4.7.1-alpha if you wanna live on the edge a little

nolim1t avatar Sep 19 '21 07:09 nolim1t

> you can also wait for lncm/tor:0.4.7.1-alpha if you wanna live on the edge a little

I'm using your Dockerfile and changing it to 4.7.1-alpha (using tor-0.4.7.1-alpha.tar.gz) ... I can't wait to live on the edge :)

Goro2030 avatar Sep 19 '21 07:09 Goro2030

Project name:      docker-image|lncm/tor
Docker image:      lncm/tor
Platform:          linux/amd64
Base image:        debian:10.10-slim

Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.

Base Image         Vulnerabilities  Severity
debian:10.10-slim  61               10 high, 6 medium, 45 low

Recommendations for base image upgrade:

Major upgrades
Base Image      Vulnerabilities  Severity
debian:11-slim  37               1 high, 2 medium, 34 low

This is still happening in your latest Dockerfile, as the base image is the same.

Just replace all references from debian:buster-slim to debian:11-slim

Goro2030 avatar Sep 19 '21 08:09 Goro2030
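
The replacement suggested in the comment above, as an added example that is not part of the thread or the project's Dockerfile: it rewrites only the image named on `FROM` lines from `debian:buster-slim` to `debian:11-slim`, so multi-stage builds and `--platform` flags are handled while other lines that mention the tag stay untouched. The sample Dockerfile and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. OLD_BASE/NEW_BASE are the tags named in the thread;
# everything else (function names, sample Dockerfile) is constructed.
OLD_BASE='debian:buster-slim'
NEW_BASE='debian:11-slim'

# Constructed sample: two stages on the old base, plus a RUN line that
# mentions the tag and must NOT be rewritten.
write_sample() {
    cat > "$1" <<'EOF'
FROM debian:buster-slim AS builder
RUN echo "note: debian:buster-slim appears in this RUN line too"
FROM --platform=linux/amd64 debian:buster-slim AS final
COPY --from=builder /out /out
EOF
}

# Print the image reference of every FROM line, skipping --flag arguments.
list_bases() {
    awk 'toupper($1) == "FROM" {
        i = 2
        while (i <= NF && $i ~ /^--/) i++
        print $i
    }' "$1"
}

# Count stages still built on OLD_BASE (prints 0 when the file is clean).
count_old() {
    list_bases "$1" | grep -c -x -F -- "$OLD_BASE" || true
}

# Emit the Dockerfile with OLD_BASE swapped for NEW_BASE on FROM lines only.
# A rewritten FROM line is re-joined with single spaces; bases supplied
# through ARG variables are not resolved.
rewrite_bases() {
    awk -v old="$OLD_BASE" -v new="$NEW_BASE" '
    toupper($1) == "FROM" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^--/) continue
            if ($i == old) $i = new
            break
        }
    }
    { print }' "$1"
}

demo=$(mktemp)
write_sample "$demo"
rewrite_bases "$demo" > "$demo.new"
echo "old-base stages: $(count_old "$demo") -> $(count_old "$demo.new")"
rm -f "$demo" "$demo.new"
```
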

> Project name:      docker-image|lncm/tor
> Docker image:      lncm/tor
> Platform:          linux/amd64
> Base image:        debian:10.10-slim
>
> Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.
>
> Base Image         Vulnerabilities  Severity
> debian:10.10-slim  61               10 high, 6 medium, 45 low
>
> Recommendations for base image upgrade:
>
> Major upgrades
> Base Image      Vulnerabilities  Severity
> debian:11-slim  37               1 high, 2 medium, 34 low
>
> This is still happening in your latest Dockerfile, as the base image is the same.
>
> Just replace all references from debian:buster-slim to debian:11-slim

Yes, that is still being built.

You'll have to wait if you want the amd64 image

nolim1t avatar Sep 19 '21 10:09 nolim1t

0.4.7.1-alpha is now on dockerhub, you can try this one out.

nolim1t avatar Sep 19 '21 11:09 nolim1t