Skip to content

Vulnerability patch in hub #3670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 21, 2025
Merged

Vulnerability patch in hub #3670

merged 1 commit into from
May 21, 2025

Conversation

@jupyterhub-bot
Copy link
Collaborator

@jupyterhub-bot jupyterhub-bot commented May 19, 2025

A rebuild of quay.io/jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-hub:4.2.1-0.dev.git.7014.hc8959795.

Target Vuln. ID Package Name Installed v. Fixed v.
debian CVE-2023-29383 login 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1
debian CVE-2023-29383 passwd 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1
debian CVE-2023-4039 gcc-12-base 12.2.0-14 12.2.0-14+deb12u1
debian CVE-2023-4039 libgcc-s1 12.2.0-14 12.2.0-14+deb12u1
debian CVE-2023-4039 libstdc++6 12.2.0-14 12.2.0-14+deb12u1
debian CVE-2023-4641 login 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1
debian CVE-2023-4641 passwd 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1
debian CVE-2024-13176 libssl3 3.0.15-1~deb12u1 3.0.16-1~deb12u1
debian CVE-2024-13176 openssl 3.0.15-1~deb12u1 3.0.16-1~deb12u1
debian CVE-2024-26462 libgssapi-krb5-2 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2024-26462 libk5crypto3 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2024-26462 libkrb5-3 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2024-26462 libkrb5support0 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2025-1390 libcap2 1:2.66-4 1:2.66-4+deb12u1
debian CVE-2025-24528 libgssapi-krb5-2 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2025-24528 libk5crypto3 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2025-24528 libkrb5-3 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2025-24528 libkrb5support0 1.20.1-2+deb12u2 1.20.1-2+deb12u3
debian CVE-2025-4207 libpq5 15.12-0+deb12u2 15.13-0+deb12u1
python-pkg CVE-2025-47287 tornado 6.4.2 6.5.0

After

Target Vuln. ID Package Name Installed v. Fixed v.
python-pkg CVE-2025-47287 tornado 6.4.2 6.5.0

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label May 19, 2025
@yuvipanda yuvipanda merged commit c3aa075 into main May 21, 2025
16 checks passed
@yuvipanda yuvipanda deleted the vuln-scan-hub branch May 21, 2025 17:48
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request May 21, 2025
[jupyterhub] Automatic update for commit 4.2.1-0.dev.git.7047.hc3aa0758
333b2ac 
jupyterhub/zero-to-jupyterhub-k8s#3670 Merge pull request #3670 from jupyterhub/vuln-scan-hub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@consideRatio consideRatio Awaiting requested review from consideRatio

Assignees

No one assigned

Labels

image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jupyterhub-bot @yuvipanda