New pgstac image to remediate CVE-2023-39417 and other CVEs associated with postgres 15.3 and older versions #202

Open
hectormachin opened this issue Aug 24, 2023 · 2 comments

hectormachin commented Aug 24, 2023

Earlier this month, CVE-2023-39417 and several other HIGH & CRITICAL CVEs were reported with postgres 15.3 and older versions.

We use the latest pgstac v0.7.10 image, which is running with postgres 15.3 and has been flagged with CVE-2023-39417. Since your Dockerfile is using postgres:15-bullseye (https://github.com/stac-utils/pgstac/blob/main/Dockerfile#L1) as the base image, the only action needed is to re-kick an image publishing action, and the newest postgres:15-bullseye already contains postgres 15.4, which is the recommended fix for most of the CVEs.

Would building/publishing a new image of pgstac be possible in the short term? Is there a timeline for the next pgstac release?

@hectormachin
Author

Added #204 to remediate this issue

@zacharyDez
Collaborator

#204 was closed and unmerged. Have these issues been resolved? @bitner @hectormachin
