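I have a Docker image based on Ubuntu 23.04. Among other things, running `docker scout cves` shows several critical vulnerabilities in the package stdlib 1.19.4 (CVE-2023-24540 and CVE-2023-24538).

pkg:golang/stdlib@1.19.4

The problem is that I have absolutely no idea where this package comes from. I don't use Go in my own code. I can't find the package in `dpkg.log`. If I run all the `apt` commands manually, it doesn't appear in the output. I also can't see it when browsing the tree of affected packages in Docker Desktop, although it would be easy to miss.

Short of doing a binary chop on my Dockerfile until the vulnerability disappears, can anyone explain a systematic way to find out which command caused this package to be installed?

Addendum: as requested, here is a Dockerfile containing all the install commands but none of my own code: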
```dockerfile
# Start with a base Ubuntu image
FROM ubuntu:23.04
ARG xdebug
# Prevent any prompts during installation
ENV DEBIAN_FRONTEND noninteractive
# Set up apt with any additional repositories we need
RUN apt-get update
RUN apt-get install -y software-properties-common
RUN add-apt-repository ppa:maxmind/ppa
RUN apt-get update --fix-missing
RUN apt upgrade -y
# Install Apache and various other packages.
RUN apt-get install -y apache2
RUN apt-get install -y vim cron geoipupdate git logrotate mysql-client openssh-server redis rsync supervisor unzip zip
RUN apt-get install -y python3-pip python3-dev python3-setuptools python3-numpy python3-pandas python3-yaml python3-click python3-dotenv python3-mysql.connector python3.tqdm
RUN apt-get install -y gcc make dnsutils ncdu lsof
# Configure any Apache modules that weren't in the default
RUN cp /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled
RUN cp /etc/apache2/mods-available/expires.load /etc/apache2/mods-enabled
RUN cp /etc/apache2/mods-available/authz_groupfile.load /etc/apache2/mods-enabled
RUN cp /etc/apache2/mods-available/headers.load /etc/apache2/mods-enabled/
RUN cp /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled
RUN cp /etc/apache2/mods-available/socache_shmcb.load /etc/apache2/mods-enabled
RUN cp /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled
# Suppress Apache warning on being unable to determine the fully qualified domain name
RUN echo "ServerName localhost">>/etc/apache2/apache2.conf
# Install PHP and plumb into Apache
RUN apt-get update --fix-missing
RUN apt-get install -y php8.1 php8.1-curl php8.1-gd php8.1-gettext php8.1-gmp php8.1-iconv php8.1-imap php8.1-intl php8.1-mbstring php8.1-mysql php8.1-oauth php8.1-redis php8.1-xml php8.1-yaml php8.1-zip
RUN if [ "$xdebug" = "with" ] ; then apt-get install -y php8.1-xdebug ; fi
RUN apt-get install -y libapache2-mod-php8.1
# The bcmath extension seems to have problems when installed in line with the other PHP modules, as of 2022-07-18
RUN apt-get update --fix-missing
RUN apt-get install -y php8.1-bcmath
# Install locales
RUN apt-get install -y locales
RUN locale-gen en_GB
RUN locale-gen en_GB.UTF-8
RUN locale-gen de_DE
RUN locale-gen de_DE.UTF-8
RUN locale-gen es_ES
RUN locale-gen es_ES.UTF-8
RUN locale-gen fr_FR
RUN locale-gen fr_FR.UTF-8
RUN locale-gen it_IT
RUN locale-gen it_IT.UTF-8
RUN update-locale
```
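One systematic alternative to bisecting the Dockerfile, added here as an example that is not part of the original post: walk the image's filesystem, report every ELF binary that embeds a Go toolchain version, and ask dpkg which package ships it. It assumes the finding comes from a Go-compiled binary in the image, which is how image scanners usually derive a `pkg:golang/stdlib` entry; `go_version`, `scan` and `owner` are names invented for this example.

```python
import os
import subprocess
import sys

MAGIC = b"\xff Go buildinf:"  # marker the Go linker places in front of the build info
INLINE = 0x2                  # header flag (Go 1.18+): version string follows the header

def go_version(path):
    """Return the Go toolchain version embedded in an ELF file, or None."""
    try:
        with open(path, "rb") as fh:
            if fh.read(4) != b"\x7fELF":
                return None
            data = fh.read()
    except OSError:
        return None
    pos = data.find(MAGIC)
    while pos >= 0:
        # 32-byte header (flags at offset 15), then a length byte and the version.
        if len(data) > pos + 32 and data[pos + 15] & INLINE and data[pos + 32] < 0x80:
            end = pos + 33 + data[pos + 32]
            version = data[pos + 33:end].decode("ascii", "replace")
            if version.startswith(("go", "devel")):
                return version
        pos = data.find(MAGIC, pos + 1)
    return None  # not a Go binary, or built with a pre-1.18 toolchain

def scan(root):
    """Yield (path, version) for each Go-built binary under root, skipping mounts."""
    for dirpath, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if not os.path.ismount(os.path.join(dirpath, d))]
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                version = go_version(path)
                if version:
                    yield path, version

def owner(path):
    """Name the dpkg package that ships path, or None if dpkg does not know it."""
    try:
        out = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return out.stdout.split(":")[0] if out.returncode == 0 else None

if __name__ == "__main__":
    for path, version in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(version, owner(path) or "(no dpkg owner)", path, sep="\t")
```

Run it with `python3` inside a container started from the image; a line showing `go1.19.4` names the binary, and the package in the second column can be matched against the `apt-get install` lines in the Dockerfile.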