Skip to content

Java Vulnerability

TLDR: Update Java to 11.0.21 or greater.

Details from @rharper

Here is the vulnerability information from the detailed Docker report:

--------------------------------------begin insert-------------------------------------------------------------

DNS Name: igskmncgvmp2ct2.cr.usgs.gov

NetBIOS Name:

Plugin Output:

Plugin Output:

Path : /var/lib/docker/devicemapper/mnt/1fbb19c998e4d0689c25e1abb5a3641fc005d7ad733dd358f8da858fa3db5e27/rootfs/usr/lib/jvm/java-11-

openjdk-amd64/

Installed version : 11.0.20

Fixed version : Upgrade to a version greater than 11.0.21

-------------------------------end insert------------------------------------------------------

Since Docker containers are normally not patched, but replaced by updated containers, would it be possible to replace the following container with a container that meets the Java version criteria?

Here is the container name as derived from the Devicemapper ID in the above pathname:

[root@igskmncgvmp2ct2 mnt]# docker ps --format "{{.ID}}" | xargs docker inspect -f "{{.GraphDriver.Data.DeviceName}} {{.Name}}"

...

docker-253:0-524537-1fbb19c998e4d0689c25e1abb5a3641fc005d7ad733dd358f8da858fa3db5e27 /earthquake-eventadmin_web.1.2vp716912nf7ds7dwrhk36eh2

...

[root@igskmncgvmp2ct2 mnt]#