-
Notifications
You must be signed in to change notification settings - Fork 43
arkserver docker image has sudo security issue CVE2021-3156 - please provide new image #32
Comments
I haven't gotten any luck getting response to anything for a while. I forked and have fixed a few of the outstanding issues. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sorry for the delay here @maecki-maecki. Do you have a link to the description of that CVE for posterity? Happy to re-open and address the issue but I wasn't able to find any specifics when I searched for that CVE number. |
https://ubuntu.com/security/CVE-2021-3156
Sorry, had a duplicate digit in that number ...
Updated first comment, too
|
Thanks @maecki-maecki, all good. I'm re-opening this, should be a pretty straight-forward fix with an update to the base image. Linking the base image for posterity: https://github.com/thmhoag/steamcmd |
I updated the base image and build pipeline on my fork, if this is still relevant to you @maecki-maecki . |
Description of Issue
CVE-2021-3156 means sudo is exploitable - this is fixed in xenial, but arkserver/steamcmd image has to be rebuild/republished for fix to be included ...
https://ubuntu.com/security/CVE-2021-3156
The text was updated successfully, but these errors were encountered: