We have recently started scanning our Docker images and got a security vulnerability report about 2 high severity issues. There were more vulnerabilities, but those were resolved by updating system packages.
✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/locales@2.28-10+deb10u2, meta-common-packages@meta
Hi Kevin,
The Osiris Orthanc Docker repo is here - https://github.com/orthanc-server/orthanc-builder. Specifically, the base Debian image tag is defined at https://github.com/orthanc-server/orthanc-builder/blob/deb52b4af729cde6392cd18a70df095afdf76fc7/local-build.sh#L69
As an open source project, we can all help make the project as good as possible. If you have the resources, you can build an updated image with a newer Debian version and help make the project as secure as possible.
In regards to validation, there are integration tests here - https://github.com/orthanc-server/orthanc-builder/tree/master/docker/integration-tests that can be run against the image.
Hope that helps.
James
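One way to act on the pointers above, as an added example that is not part of this thread or of the orthanc-builder project: a POSIX shell helper that reads the libc-bin version an image actually ships (by running dpkg-query inside the container) and compares it against a minimum version in Debian-style ordering, so a rebuilt image can be checked before and after the base tag change. The image name and the minimum version are placeholders; take the fixed version from the advisory for your Debian release. sort -V approximates dpkg's ordering and is used so the helper works outside a Debian host; dpkg --compare-versions is authoritative where dpkg is installed.

```shell
#!/bin/sh
# Added example, not from the orthanc-builder repo or the Snyk report.
# Checks which glibc (libc-bin) version an image ships and whether it meets
# a minimum. The minimum is a placeholder taken from the advisory; nothing
# here assumes a specific fix version.

# is_at_least INSTALLED MINIMUM
# Returns 0 when INSTALLED >= MINIMUM in Debian version ordering.
# sort -V mirrors dpkg's ordering for ordinary versions such as
# 2.28-10+deb10u2; when dpkg is available locally, prefer
# `dpkg --compare-versions "$1" ge "$2"`, which is authoritative.
is_at_least() {
    installed="$1"
    minimum="$2"
    [ "$installed" = "$minimum" ] && return 0
    # sort -V prints the older version first, so the newer one is last.
    newest=$(printf '%s\n%s\n' "$installed" "$minimum" | sort -V | tail -n 1)
    [ "$newest" = "$installed" ]
}

# libc_version_from_dpkg
# Reads `dpkg-query -W -f='${Package} ${Version}\n'` output on stdin and
# prints the version of libc-bin (the package flagged in the report above).
libc_version_from_dpkg() {
    awk '$1 == "libc-bin" { print $2; exit }'
}

# image_libc_version IMAGE
# Runs dpkg-query inside the image and prints its libc-bin version.
# Needs a local docker; --entrypoint bypasses whatever the image starts by default.
image_libc_version() {
    docker run --rm --entrypoint dpkg-query "$1" \
        -W -f='${Package} ${Version}\n' libc-bin | libc_version_from_dpkg
}

# check_image IMAGE MINIMUM
# Exit 0 if the image's libc-bin is at least MINIMUM, 1 if it is older,
# 2 if the version could not be read (no dpkg in the image, pull failure, ...).
check_image() {
    installed=$(image_libc_version "$1")
    if [ -z "$installed" ]; then
        echo "could not read libc-bin version from $1" >&2
        return 2
    fi
    if is_at_least "$installed" "$2"; then
        echo "$1: libc-bin $installed >= $2 (ok)"
    else
        echo "$1: libc-bin $installed < $2 (still affected)"
        return 1
    fi
}

# Usage, with placeholders for the image tag and the fixed version from the advisory:
#   check_image your-orthanc-image:tag FIXED_VERSION_FROM_ADVISORY
```

Run it against the image built from the current local-build.sh and again after bumping the base Debian tag; the second run should report the newer libc-bin, and the integration tests linked above then confirm the rebuilt image still behaves. The same pattern works for any other package Snyk names under "Introduced through", by changing the package name in the awk filter.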