
My client uses a Docker image that has a base image of centos:7 from DockerHub. I noticed that Google Cloud Container Registry flagged my latest built images with 17 vulnerabilities that all target the kernel-headers package from CentOS, version 3.10.0.

What are my options?

Can I just upgrade this package or the kernel while staying on CentOS 7, or do I need to upgrade to version 8? With an upgrade to version 8, are there specific breaking updates I should keep an eye on?

Thank you guys

Update: We are using hdf5, hdf5-devel, devtoolset-7-gcc-c++ and openmpi packages to run some simulations. Removing the kernel-headers tries to remove devtoolset-7-gcc, glibc-devel and glibc-headers packages. I will do some testing without those packages.

  • The `centos:7` image doesn't include the `kernel-headers` package by default. Does your client really need it? The easiest solution would be to remove it from their images. It would be unusual (but not impossible) for something to need that in a container. An upgrade to CentOS 8 could break things: it might work, but is probably more disruptive than you need. – larsks Sep 15 '20 at 23:16
  • We are using `hdf5`, `hdf5-devel`, `devtoolset-7-gcc-c++` and `openmpi` packages to run some simulations. Removing the `kernel-headers` tries to remove `devtoolset-7-gcc`, `glibc-devel` and `glibc-headers` packages. I will do some testing without those packages. – Michaël Bertoni Sep 16 '20 at 00:10
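
One way to act on the comments above, as an added example that is not part of the original thread: a multi-stage build keeps the compiler toolchain, and the `kernel-headers` package that the update ties to `devtoolset-7-gcc`, `glibc-devel` and `glibc-headers`, in a build stage, so the image that ships and gets scanned carries only runtime libraries. The `src/` layout, the `simulate` binary name, the `openmpi-devel` package, the `-lhdf5` link flag and the EPEL/SCL repository sources are assumptions.

```dockerfile
# Added example, not from the original thread.
# Assumptions: C++ sources in ./src, one output binary named "simulate",
# hdf5 packages from EPEL, devtoolset-7 from the CentOS SCL repository.

# ---- Build stage: compiler, -devel packages and kernel-headers stay here ----
FROM centos:7 AS build
RUN yum install -y epel-release centos-release-scl && \
    yum install -y devtoolset-7-gcc-c++ hdf5-devel openmpi-devel && \
    yum clean all
# Open MPI's wrappers on CentOS 7 are installed under /usr/lib64/openmpi
ENV PATH=/usr/lib64/openmpi/bin:$PATH
WORKDIR /build
COPY src/ ./src/
# "scl enable" puts devtoolset-7's g++ first on PATH, so mpicxx picks it up
RUN scl enable devtoolset-7 'mpicxx -O2 -o simulate src/*.cpp -lhdf5'

# ---- Runtime stage: shared libraries only, no compiler, no headers ----------
FROM centos:7
# The final "! rpm -q" makes the build fail if kernel-headers is ever pulled
# back in as a dependency, so the regression is caught before the registry scan.
RUN yum install -y epel-release && \
    yum install -y hdf5 openmpi && \
    yum clean all && \
    ! rpm -q kernel-headers
ENV PATH=/usr/lib64/openmpi/bin:$PATH \
    LD_LIBRARY_PATH=/usr/lib64/openmpi/lib
COPY --from=build /build/simulate /usr/local/bin/simulate
CMD ["simulate"]
```

Only the last stage is tagged and pushed, so the registry scanner never sees the packages installed in the `build` stage.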

1 Answer

```
yum install -y kernel-headers --enablerepo=centos-kernel
```
4b0