Reputation: 1
I am currently running Debian GNU/Linux 11 (bullseye) in a Docker container with kernel version 5.10.197-1. I have identified a security vulnerability (CVE-2023-25775) that is fixed in the Bullseye security version 5.10.205-2. I want to update my Dockerfile to use the security-fixed kernel version.
Current System Information:
PRETTY_NAME: Debian GNU/Linux 11 (bullseye)
NAME: Debian GNU/Linux
VERSION_ID: 11
VERSION: 11 (bullseye)
VERSION_CODENAME: bullseye
ID: debian
Kernel Version: 5.10.197-1
Fixed Kernel Version: 5.10.205-2 (bullseye security)
How can I update my current Debian GNU/Linux 11 (bullseye) installation to the security-fixed version 5.10.205-2 in order to address the CVE-2023-25775 vulnerability?
This is my dockerfile.yml:
#** Builder image (gem)**
FROM ruby:2.7.7 as ruby
RUN mkdir ~/.ssh
RUN apt-get update -qq && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends --fix-missing \
        apt-utils \
        build-essential \
        cmake \
        default-mysql-client \
        default-libmysqlclient-dev \
        imagemagick \
        curl \
        apt-transport-https \
        wget && \
    rm -rf /var/lib/apt/lists/*
ARG rails_env
ENV RAILS_ENV=${rails_env}
WORKDIR /tmp
COPY Gemfile* /tmp/
RUN gem install bundler:1.17.3
Questions:
1. How can I update the Debian kernel version in my Dockerfile to 5.10.205-2 (bullseye security) to address CVE-2023-25775?
2. Are there any specific package manager commands or instructions I should use within my Dockerfile to ensure the correct kernel version is installed?
Additional Information: https://nvd.nist.gov/vuln/detail/CVE-2023-25775
I attempted to update my Debian GNU/Linux 11 (bullseye) installation by running the following commands:
#FROM debian:bookworm
#FROM debian:bookworm as builder
FROM debian:sid
RUN apt-get update -qq && \
    apt-get upgrade -y && \
    rm -rf /var/lib/apt/lists/*
I expected the update to transition my system to the security-fixed version 5.10.205-2 and address the CVE-2023-25775 vulnerability. Specifically, I was hoping for the system to be upgraded to the fixed kernel version, resolving the identified security issue.
However, the update did not result in the expected transition to version 5.10.205-2, and the CVE-2023-25775 vulnerability persists.
Upvotes: 0
Views: 342
Reputation: 76
Docker containers don't manage their own kernel. They rely on the kernel of the host system, so there is no such thing as "updating the kernel inside the docker".
If you want to update your kernel version to patch this CVE, you will need to do so on your host system, not in the Dockerfile.
Upvotes: 0
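The answer's point can be checked from either side. The script below is an added example, not part of the answer: on a Debian kernel `uname -v` embeds the kernel package version, so the script parses it, compares it field by field with the fixed 5.10.205-2 from the question, and reports whether the kernel the container is actually running carries the fix. It assumes Debian's `uname -v` format, uses a constructed sample line for the question's 5.10.197-1 kernel, and the function and variable names are mine.

```shell
#!/bin/sh
# Added example: verify whether the *host* kernel carries the fixed Debian
# package version. Inside a container, uname reports the host kernel, so the
# result is the same in the container or on the host, but only the host can
# change it (install the updated linux-image package and reboot).

# Compare two Debian-style version strings field by field (numeric fields
# only, separators ignored). Prints "older", "equal" or "newer" for $1 vs $2.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa < yb) { print "older"; exit }
            if (xa > yb) { print "newer"; exit }
        }
        print "equal"
    }'
}

# Extract the Debian package version (e.g. 5.10.197-1) from a `uname -v`
# string such as "#1 SMP Debian 5.10.197-1 (2023-09-29)"; empty if absent.
debian_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([0-9][0-9.]*-[0-9][0-9A-Za-z.+~]*\).*/\1/p'
}

# Succeeds (exit 0) if running package version $1 is at or above fixed version $2.
kernel_is_fixed() {
    [ -n "$1" ] && [ "$(ver_cmp "$1" "$2")" != older ]
}

FIXED=5.10.205-2   # bullseye-security version named in the question

# Demonstration: a constructed uname -v line matching the question's container,
# then the live kernel (which is the host's kernel even inside Docker).
sample='#1 SMP Debian 5.10.197-1 (2023-09-29)'   # constructed sample, not real output
for v in "$sample" "$(uname -v)"; do
    pkg=$(debian_pkg_version "$v")
    if [ -z "$pkg" ]; then
        echo "no Debian package version in: $v"
    elif kernel_is_fixed "$pkg" "$FIXED"; then
        echo "$pkg: at or above $FIXED, CVE-2023-25775 fix present"
    else
        echo "$pkg: below $FIXED, update the host kernel and reboot"
    fi
done
```

Running it inside the container and on the host prints the same live line, which is the practical demonstration that the image cannot change the kernel it runs on.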