Hi,
I have a docker file with the base image of “FROM microsoft/dotnet:2.1-runtime AS base” .
In this im adding a another layer with AVAST binary installation. for that i added the following command
Dockerfile content :
FROM microsoft/dotnet:2.1-runtime AS base
COPY libssl1.0.0_1.0.1t-1+deb8u8_amd64.deb .
RUN sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u8_amd64.deb
RUN echo “===> Install Avast…”
&& echo ‘deb http://deb.avast.com/lin/repo debian release’ >> /etc/apt/sources.list
&& apt-key adv --fetch-keys http://files.avast.com/files/resellers/linux/avast.gpg
&& apt-get update -q
&& apt-get install -y avast avast-fss
once This Container image built, and putting this image for for any vulnerabilty check using ECS container scan service, we are getting 4 critical issues related to this libssl1.0.0 package. (CVE-2016-2108,0799,2842,0705)
So, I changed the LibSSL package with 1.1 version, the installation of Avast package is stopped and asking the dependency of libssl 1.0.0 version. So i’m confused on resolving the above vulnerability bugs from this Avast installed container image.appreciate any helpful inputs on this issue .