|
https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.jammy-java-11 and
https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.jammy-java-17
use the vulnerable 7.81.0-1ubuntu1.13 version of curl/libcurl.
This version has two security vulnerabilities (CVE-2023-38545, CVE-2023-38546), one of them of high severity:
https://github.com/curl/curl/discussions/12026
Ubuntu will release a fixed version on October 11, 2023.
Please check https://packages.ubuntu.com/search?suite=jammy-updates&section=all&arch=any&keywords=curl&searchon=names
If you see that the fixed version is available, please rebuild FOLIO's two jenkins-slave-docker containers. No change to the Dockerfiles is needed because they automatically run "apt-get upgrade" at build time.
|
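One way to script the "is a fixed version available yet?" check before triggering the rebuild. This is an added example, not part of the ticket or of the folio-tools repository. It reads the output of `apt-cache policy curl` (run on a jammy system after `apt-get update`) on stdin; the function names and the sample outputs, including the `1ubuntu1.99` revision, are constructed for illustration.

```shell
#!/bin/sh
# Version the ticket names as vulnerable.
VULNERABLE="7.81.0-1ubuntu1.13"

# Extract the "Candidate:" version from `apt-cache policy <pkg>` output on stdin.
candidate_version() {
    awk '$1 == "Candidate:" { print $2; exit }'
}

# Return 0 if version $1 is strictly newer than version $2.
# Uses dpkg's own ordering when dpkg is present; otherwise falls back to
# `sort -V`, which matches dpkg for simple revisions like these but is only
# an approximation of Debian version ordering in general.
version_gt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" gt "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# Print "rebuild" if the candidate is newer than the vulnerable version,
# "wait" if it is not, "unknown" if no candidate could be read.
# A newer candidate only shows that an update exists; confirm against the
# Ubuntu package page that it is the fixed build.
rebuild_decision() {
    cand=$(candidate_version)
    if [ -z "$cand" ] || [ "$cand" = "(none)" ]; then
        echo "unknown"
    elif version_gt "$cand" "$VULNERABLE"; then
        echo "rebuild"
    else
        echo "wait"
    fi
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OLD='curl:
  Installed: 7.81.0-1ubuntu1.13
  Candidate: 7.81.0-1ubuntu1.13'
SAMPLE_NEW='curl:
  Installed: 7.81.0-1ubuntu1.13
  Candidate: 7.81.0-1ubuntu1.99'

printf '%s\n' "$SAMPLE_OLD" | rebuild_decision
printf '%s\n' "$SAMPLE_NEW" | rebuild_decision
```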