
arkserver docker image has sudo security issue CVE-2021-3156 - please provide new image

Open maecki-maecki opened this issue 3 years ago • 6 comments

Description of Issue

CVE-2021-3156 means sudo is exploitable - this is fixed in xenial, but the arkserver/steamcmd image has to be rebuilt/republished for the fix to be included ...

https://ubuntu.com/security/CVE-2021-3156

maecki-maecki avatar Jan 29 '21 21:01 maecki-maecki

I haven't had any luck getting a response to anything for a while. I forked and have fixed a few of the outstanding issues.

https://github.com/jkread/arkserver

jkread avatar Feb 11 '21 20:02 jkread

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 15 '21 06:03 stale[bot]

Sorry for the delay here @maecki-maecki. Do you have a link to the description of that CVE for posterity? Happy to re-open and address the issue but I wasn't able to find any specifics when I searched for that CVE number.

thmhoag avatar Mar 19 '21 19:03 thmhoag

https://ubuntu.com/security/CVE-2021-3156

Sorry, had a duplicate digit in that number ... Updated first comment, too

maecki-maecki avatar Mar 19 '21 19:03 maecki-maecki

Thanks @maecki-maecki, all good. I'm re-opening this; it should be a pretty straightforward fix with an update to the base image.

Linking the base image for posterity: https://github.com/thmhoag/steamcmd

thmhoag avatar Mar 19 '21 19:03 thmhoag