[clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

Micah Snyder (micasnyd) micasnyd at cisco.com
Sun Feb 13 02:47:05 UTC 2022 

Hi Jaspal,

My apologies for the late reply.  Thank you for raising this to our attention.  In the future, please consider submitting an issue via https://github.com/Cisco-Talos/clamav/issues/new/choose to get our attention.

My team is new to maintaining images on Docker Hub. We hadn't yet identified the best practices for how to publish an image for the same ClamAV version with a new base image. After a little investigation, I settled on this on this scheme.

I have published these new newly built images based on the latest Alpine Linux image (3.15.0):

  *   clamav/clamav:0.104.2-2_base
  *   clamav/clamav:0.104.2-2

The previous images remain accessible under "clamav/clamav:0.104.2_base" and "clamav/clamav:0.104.2" tags.
If we must do this again before the next patch version, the next image tags would be "0.104.2-3_base" and "0.104.2-3".
Note: the hashes for the image tags without the "_base" suffix change frequently because we update them with newer signature databases.

I also updated the following tags so that people using them can simply "pull" to get the newer image:

  *   clamav/clamav:stable_base == clamav/clamav:latest_base == clamav/clamav:0.104_base == clamav/clamav:0.104.2-2_base
  *   clamav/clamav:stable == clamav/clamav:latest == clamav/clamav:0.104 == clamav/clamav:0.104.2-2

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Sandhu, Jaspal (HQP) via clamav-users <clamav-users at lists.clamav.net>
Sent: Tuesday, January 25, 2022 2:05 PM
To: clamav-users at lists.clamav.net <clamav-users at lists.clamav.net>
Cc: Sandhu, Jaspal (HQP) <jaspal.sandhu at roberthalf.com>
Subject: [clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box


Hi,



I am using the docker tag clamav/clamav:0.104.2.  Could you please help to get it fixed.  We can’t deploy this upgrade at the moment.



https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382



Thanks

Jaspal Sandhu

Roberthalf



[cid:image001.png at 01D811F4.8FE06590]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220213/0418ced4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 69894 bytes
Desc: image001.png
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220213/0418ced4/attachment.png>

More information about the clamav-users mailing list