SYS-598 improve security of several images using trivy

Author: instantlinux

README.md

@@ -17,7 +17,8 @@ easy. Contents:
 | ssl | PKI certificate tools (deprecated by k8s) |
 | stacks | container resources in docker-compose format |
 
-Find images at [docker hub/instantlinux](https://hub.docker.com/r/instantlinux/).
+Find images at [docker hub/instantlinux](https://hub.docker.com/r/instantlinux/). Each image is scanned for published CVE vulnerabilities by (trivy)[https://trivy.dev/] before promotion to Docker Hub.
+
 Find a lot more details about the Kubernetes bare-metal installer in [k8s/README](k8s/README.md).
 
 ### Kubernetes capabilities

images/blacklist/Dockerfile

@@ -20,7 +20,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
 ARG RBLDNSD_VERSION=1.0~20210120-2
 
 COPY src/ /root/
-RUN apt-get -yq update && \
+RUN apt-get -yq update && apt-get -y upgrade && \
     apt-get -yq --no-install-recommends install \
       cron curl rbldnsd=$RBLDNSD_VERSION perl libdbd-mysql-perl \
       mariadb-client && \

images/haproxy-keepalived/Dockerfile

@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG KEEPALIVED_VERSION=2.2.7-r2
+ARG KEEPALIVED_VERSION=2.2.8-r0
 ENV KEEPALIVE_CONFIG_ID=main \
     PORT_HAPROXY_STATS=8080 \
     STATS_ENABLE=yes \

images/haproxy-keepalived/helm/Chart.yaml

@@ -7,8 +7,8 @@ sources:
 - https://github.com/haproxy/haproxy
 - https://github.com/acassen/keepalived
 type: application
-version: 0.1.10
-appVersion: "2.8.1-alpine-2.2.7-r2"
+version: 0.1.11
+appVersion: "2.8.1-alpine-2.2.8-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/mythtv-backend/Dockerfile

@@ -29,7 +29,8 @@ ARG PPA_BRANCH=32
 ARG MYTHLINK_SHA=459cb8b60adae4b631a95a9cfb1b41dcb959cc4a0b9053582a711d58b8d8a0d2
 
 RUN \
-  apt-get -yq update && apt-get install -yq gnupg locales wget && \
+  apt-get -yq update && apt-get -y upgrade && \
+  apt-get install -yq gnupg locales wget && \
   apt-key adv --recv-keys --keyserver keyserver.ubuntu.com $APT_KEY && \
   echo "deb $MYTHTV_PPA/ubuntu jammy main" \
     > /etc/apt/sources.list.d/mythbuntu.list && \

images/nagios/Dockerfile

@@ -11,7 +11,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
 ARG NAGIOS_VERSION=4.4.13-r0
 ARG NAGIOS_GID=1000
 ARG NAGIOS_UID=999
-ARG PLUGINS_VERSION=2.4.5-r0
+ARG PLUGINS_VERSION=2.4.5-r2
 ARG WWW_UID=33
 ENV AUTHORIZED_USERS=nagiosadmin \
     CONFIG_CHECK=yes \

images/openldap/Dockerfile

@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG OPENLDAP_VERSION=2.6.4-r3
+ARG OPENLDAP_VERSION=2.6.5-r0
 ENV SLAPD_DN_ATTR=uid \
     SLAPD_FQDN=example.com \
     SLAPD_LOG_LEVEL=Config,Stats \

images/openldap/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://git.openldap.org/openldap/openldap
 type: application
-version: 0.1.3
-appVersion: "2.6.4-r3"
+version: 0.1.4
+appVersion: "2.6.5-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/rsyslogd/Dockerfile

@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG RSYSLOG_VERSION=8.2306.0-r0
+ARG RSYSLOG_VERSION=8.2306.0-r2
 ENV TZ=UTC
 RUN apk add --update gzip logrotate rsyslog=$RSYSLOG_VERSION \
       rsyslog-mysql=$RSYSLOG_VERSION tar xz && \

images/rsyslogd/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/rsyslog/rsyslog
 type: application
-version: 0.1.8
-appVersion: "8.2306.0-r0"
+version: 0.1.9
+appVersion: "8.2306.0-r2"
 dependencies:
 - name: chartlib
   version: 0.1.8