Skip to content

Vulnerability patch in hub #3635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 17, 2025
Merged

Vulnerability patch in hub #3635

merged 1 commit into from
Mar 17, 2025

Conversation

@jupyterhub-bot
Copy link
Collaborator

A rebuild of quay.io/jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-hub:4.1.1-0.dev.git.6957.h29729451.

Target Vuln. ID Package Name Installed v. Fixed v.
debian CVE-2023-2610 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-2610 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-2610 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4738 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4738 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4738 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4752 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4752 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4752 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4781 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4781 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-4781 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-5344 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-5344 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2023-5344 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-11053 curl 7.88.1-10+deb12u8 7.88.1-10+deb12u10
debian CVE-2024-11053 libcurl3-gnutls 7.88.1-10+deb12u8 7.88.1-10+deb12u10
debian CVE-2024-11053 libcurl4 7.88.1-10+deb12u8 7.88.1-10+deb12u10
debian CVE-2024-22667 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-22667 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-22667 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-43802 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-43802 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-43802 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-47814 vim 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-47814 vim-common 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-47814 vim-runtime 2:9.0.1378-2 2:9.0.1378-2+deb12u1
debian CVE-2024-9681 curl 7.88.1-10+deb12u8 7.88.1-10+deb12u9
debian CVE-2024-9681 libcurl3-gnutls 7.88.1-10+deb12u8 7.88.1-10+deb12u9
debian CVE-2024-9681 libcurl4 7.88.1-10+deb12u8 7.88.1-10+deb12u9
debian CVE-2025-0167 curl 7.88.1-10+deb12u8 7.88.1-10+deb12u11
debian CVE-2025-0167 libcurl3-gnutls 7.88.1-10+deb12u8 7.88.1-10+deb12u11
debian CVE-2025-0167 libcurl4 7.88.1-10+deb12u8 7.88.1-10+deb12u11
debian CVE-2025-0395 libc-bin 2.36-9+deb12u9 2.36-9+deb12u10
debian CVE-2025-0395 libc6 2.36-9+deb12u9 2.36-9+deb12u10
debian CVE-2025-1094 libpq5 15.10-0+deb12u1 15.11-0+deb12u1
python-pkg CVE-2024-12797 cryptography 44.0.0 44.0.1
python-pkg CVE-2025-27516 Jinja2 3.1.5 3.1.6

After

Target Vuln. ID Package Name Installed v. Fixed v.
python-pkg CVE-2024-12797 cryptography 44.0.0 44.0.1
python-pkg CVE-2025-27516 Jinja2 3.1.5 3.1.6

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Mar 17, 2025
@consideRatio consideRatio merged commit cbfaabd into main Mar 17, 2025
14 checks passed
@consideRatio consideRatio deleted the vuln-scan-hub branch March 17, 2025 07:42
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Mar 17, 2025
[jupyterhub] Automatic update for commit 4.1.1-0.dev.git.6980.hcbfaabd4
14a594e 
jupyterhub/zero-to-jupyterhub-k8s#3635 Merge pull request #3635 from jupyterhub/vuln-scan-hub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@consideRatio consideRatio Awaiting requested review from consideRatio

Assignees

No one assigned

Labels

image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jupyterhub-bot @consideRatio