Security Vulnerability CVE-2023-2603 for [email protected] #11296
Our security scanner is flagging the below issue for the [email protected] image:

The underlying issue is the libcap library version 2.66. The scanner is claiming that 2.66-r1 is sufficient to remediate the vulnerability, but it claimed 2.66-r0 would be sufficient earlier, before changing its mind. It looks like 2.69 should definitely be a fix, and the others are some sort of backport.

I was able to clone the linkerd2-proxy repo, check out the [email protected] tag, update the Dockerfile to point to alpine:3.18, and successfully build the image. The resulting image has libcap 2.69, so that should be all that's necessary, as long as the alpine version upgrade doesn't cause any additional problems. I didn't try installing 2.66-r1 on the older alpine image yet, but I can try that if it's less likely to cause some other problems.

(Filing this here because linkerd2-proxy doesn't have a /discussions page)
Replies: 1 comment
We've merged a PR to address this: linkerd/linkerd2-proxy-init#269. It will go out in the next Linkerd edge and stable releases.