WingNews logo WingNews
top | item 44947781

(no title)

RVuRnvbM2e | 6 months ago

I don't understand the point of this article. Container images are literally immutable packaged filesystems so old versions of affected packages are in old Docker images for every CVE ever patched in Debian.

How is this news?

discuss

order

ptx|6 months ago

The point seems to be that they're selling a product which (they say towards the end of the article) gives their customers "access to a precise analysis developed by our research team to detect IFUNC-based hooking, which is the same technique used in the XZ backdoor".

BobbyTables2|6 months ago

Vulnerabilities are one thing. Many container images in development/testing are never actually exposed to anything hostileā€¦

Active backdoors are quite anotherā€¦

m463|6 months ago

I can see how some "immutable packaged filesystems" won't get updated unless you do a "docker build --no-cache"