Docker FAQ



How do I check my installed apps for vulnerabilities?

 

NOTE: Vulnerabilities that are returned may or may not actually be an issue. Just because any given container has vulnerabilities does not necessarily mean any harm will come to you. This is especially true if you are not accessing your containers from outside of your local network... If you are accessing your containers from outside of your network and they are "publicly" accessible, then you will most likely want to ensure that all containers do not have any vulnerabilities. I.e., the CVEs listed may or may not be applicable to the usage of the container or your environment.

 

 

Run these commands to install the software:

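# Keep the plugin on the flash drive so it survives a reboot
mkdir -p /boot/config/plugins/dockerMan/cli-plugins
curl -f -L -s -S -o /boot/config/plugins/dockerMan/cli-plugins/docker-scan https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64
# Install a copy inside the docker image and make it executable
mkdir -p /var/lib/docker/cli-plugins
cp /boot/config/plugins/dockerMan/cli-plugins/docker-scan /var/lib/docker/cli-plugins/docker-scan
chmod +x /var/lib/docker/cli-plugins/docker-scan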

 

This saves a copy of the docker scan command onto the flash drive for safe keeping, and installs it within the docker image.

 

Now, head over to https://hub.docker.com/ and create an account

 

After your account is created, 

docker login

 

Finally to scan one of your installed containers,

/var/lib/docker/cli-plugins/docker-scan scan IMAGE_NAME

 

(NOTE: You will be limited to 10 scans per month - and this includes any typos in the image name, so get it right the first time)

 

EG: 

/var/lib/docker/cli-plugins/docker-scan scan lscr.io/linuxserver/cops

returns


Testing lscr.io/linuxserver/cops...

Package manager:   apk
Project name:      docker-image|lscr.io/linuxserver/cops
Docker image:      lscr.io/linuxserver/cops
Platform:          linux/amd64

✔ Tested 93 dependencies for known vulnerabilities, no vulnerable paths found.

Note that we do not currently have vulnerability data for your image.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

-------------------------------------------------------

Testing lscr.io/linuxserver/cops...

Package manager:   npm
Target file:       /usr/share/webapps/cops/vendor/twbs/bootstrap/package.json
Project name:      bootstrap
Docker image:      lscr.io/linuxserver/cops

✔ Tested lscr.io/linuxserver/cops for known vulnerabilities, no vulnerable paths found.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

-------------------------------------------------------

Testing lscr.io/linuxserver/cops...

Package manager:   maven
Target file:       /usr/share/webapps/cops/test
Project name:      lscr.io/linuxserver/cops:latest:/usr/share/webapps/cops/test
Docker image:      lscr.io/linuxserver/cops

✔ Tested 1 dependencies for known vulnerabilities, no vulnerable paths found.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp


Tested 3 projects, no vulnerable paths were found.

 

A sample output of something that does have vulnerabilities (But isn't a big deal since you're never going to be exposing this particular container outside of the network)

/var/lib/docker/cli-plugins/docker-scan scan coppit/no-ip

Testing coppit/no-ip...

✗ Low severity vulnerability found in ncurses/ncurses-libs
  Description: CVE-2018-10754
  Info: https://snyk.io/vuln/SNYK-ALPINE37-NCURSES-367846
  Introduced through: ncurses/[email protected]_p20171125-r0, readline/[email protected], htop/[email protected], ncurses/[email protected]_p20171125-r0, ncurses/[email protected]_p20171125-r0
  From: ncurses/[email protected]_p20171125-r0
  From: readline/[email protected] > ncurses/[email protected]_p20171125-r0
  From: htop/[email protected] > ncurses/[email protected]_p20171125-r0
  and 5 more...
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 6.0_p20171125-r1

✗ High severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467484
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ High severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467485
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ High severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467486
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ High severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467487
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ High severity vulnerability found in libssh2/libssh2
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-474566
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.9.0-r1

✗ High severity vulnerability found in curl/libcurl
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-343582
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r2

✗ High severity vulnerability found in curl/libcurl
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-343592
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r2

✗ Critical severity vulnerability found in musl/musl
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-MUSL-458286
  Introduced through: musl/[email protected], busybox/[email protected], alpine-baselayout/[email protected], libressl/[email protected], libressl/[email protected], zlib/[email protected], apk-tools/[email protected], pkgconf/[email protected], readline/[email protected], bash/[email protected], libressl/[email protected], busybox/[email protected], ca-certificates/ca-certificates@20171114-r0, curl/[email protected], curl/[email protected], libssh2/[email protected], tcl/[email protected], expect/[email protected], ncurses/[email protected]_p20171125-r0, htop/[email protected], musl/[email protected], musl/[email protected], pax-utils/[email protected], runit/[email protected], libc-dev/[email protected]
  From: musl/[email protected]
  From: busybox/[email protected] > musl/[email protected]
  From: alpine-baselayout/[email protected] > musl/[email protected]
  and 24 more...
  Image layer: 'apk add expect libc6-compat'
  Fixed in: 1.1.18-r4

✗ Critical severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467481
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ Critical severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467482
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ Critical severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467483
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ Critical severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467488
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ Critical severity vulnerability found in libssh2/libssh2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-LIBSSH2-467489
  Introduced through: libssh2/[email protected], curl/[email protected]
  From: libssh2/[email protected]
  From: curl/[email protected] > libssh2/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 1.8.1-r0

✗ Critical severity vulnerability found in curl/libcurl
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-343907
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r2

✗ Critical severity vulnerability found in curl/libcurl
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-358498
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r1

✗ Critical severity vulnerability found in curl/libcurl
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-358563
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r0

✗ Critical severity vulnerability found in curl/libcurl
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-358776
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r1

✗ Critical severity vulnerability found in curl/libcurl
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-358921
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r1

✗ Critical severity vulnerability found in curl/libcurl
  Description: Double Free
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-484608
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r3

✗ Critical severity vulnerability found in curl/libcurl
  Description: Buffer Overflow
  Info: https://snyk.io/vuln/SNYK-ALPINE37-CURL-504637
  Introduced through: curl/[email protected], curl/[email protected]
  From: curl/[email protected]
  From: curl/[email protected] > curl/[email protected]
  From: curl/[email protected]
  Image layer: 'apk add bash curl htop runit'
  Fixed in: 7.61.1-r3



Package manager:   apk
Project name:      docker-image|coppit/no-ip
Docker image:      coppit/no-ip
Platform:          linux/amd64

Tested 28 dependencies for known vulnerabilities, found 21 vulnerabilities.

Alpine 3.7.0 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

 

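One way to triage scan output like the sample above, as an added example that is not part of the original post: it groups findings by package, keeps the worst severity and the distinct "Fixed in" versions, and counts findings at or above a chosen severity. The function names scan_summary, scan_count_at_least and sample_scan are made up for this example, and the parser assumes the text layout shown in the sample output.

```shell
# Added example (not from the original post): triage helpers for docker-scan text output.
# scan_summary: stdin = scan output; prints one line per package, worst first:
#   <worst severity> <package> <number of findings> <"Fixed in" versions>
scan_summary() {
  awk '
    BEGIN { rank["Low"]=1; rank["Medium"]=2; rank["High"]=3; rank["Critical"]=4 }
    / severity vulnerability found in / {
      sev = $2; pkg = $NF; count[pkg]++
      if (rank[sev] > rank[worst[pkg]]) worst[pkg] = sev
    }
    /^ *Fixed in:/ && pkg != "" {          # belongs to the finding above it
      v = $NF
      if (index("," fixes[pkg] ",", "," v ",") == 0)
        fixes[pkg] = (fixes[pkg] == "" ? v : fixes[pkg] "," v)
    }
    END {
      for (p in count)
        printf "%d %s %s %d %s\n", rank[worst[p]], worst[p], p, count[p],
               (fixes[p] == "" ? "-" : fixes[p])
    }
  ' | sort -k1,1nr -k3,3 | cut -d" " -f2-
}

# scan_count_at_least SEVERITY: prints how many findings on stdin are rated
# SEVERITY or worse (Low|Medium|High|Critical); returns 2 on an unknown level.
scan_count_at_least() {
  case "$1" in Low|Medium|High|Critical) ;; *) return 2 ;; esac
  awk -v min="$1" '
    BEGIN { rank["Low"]=1; rank["Medium"]=2; rank["High"]=3; rank["Critical"]=4 }
    / severity vulnerability found in / && rank[$2] >= rank[min] { n++ }
    END { print n + 0 }
  '
}

# Constructed sample: finding headers and "Fixed in" lines trimmed from the
# coppit/no-ip output above; the other detail lines are omitted.
sample_scan() {
  cat <<'EOF'
✗ Low severity vulnerability found in ncurses/ncurses-libs
  Fixed in: 6.0_p20171125-r1
✗ High severity vulnerability found in libssh2/libssh2
  Fixed in: 1.8.1-r0
✗ High severity vulnerability found in libssh2/libssh2
  Fixed in: 1.9.0-r1
✗ Critical severity vulnerability found in libssh2/libssh2
  Fixed in: 1.8.1-r0
EOF
}

sample_scan | scan_summary
```

Because every scan counts against the monthly limit, redirect the output of one scan to a file and feed that file to these functions rather than scanning again.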

What does "Deprecated" mean?

Quote

 

In information technology (IT), deprecation means that although something is available or allowed, it is not recommended or that -- in the case where something must be used -- to say it is deprecated means that its failings are recognized.

The term may be used with almost any element of IT, including software, hardware, methods, models and practices. The goal is to avoid deprecated approaches in favor of new, more effective ones.

More generally, outside of an IT context, deprecated means that something is acknowledged but discouraged.

 

 

Many times, applications which are abandoned will ultimately show within Community Applications as Deprecated, and you may have them installed. You do not necessarily have to uninstall them and switch to a different application if it is doing exactly what you want it to do and you understand that no further updates to the application will be forthcoming.

 

If the application doesn't require you to access it remotely outside of your network, then a lack of security updates being issued to it will probably not affect you at all.

 

Simply being Deprecated does not mean that you HAVE to find a replacement for it, so long as you understand that further updates will not be forthcoming.

 

Community Applications does not show by default any deprecated applications (so as to discourage new installations), and will also show any installed already within the Action Centre, but will never stop you from reinstalling them from Previous Apps.

 

In terms of other operating systems, one of the more commonly used media players on Windows is MPC-HC, which has been deprecated since 2017. In terms of mkv playback it is still one of the best, and it is still installed and used on millions of computers and still works perfectly.

 

 
