RVuRnvbM2e 3 days ago

I don't understand the point of this article. Container images are literally immutable packaged filesystems so old versions of affected packages are in old Docker images for every CVE ever patched in Debian.

How is this news?

ptx 2 days ago

The point seems to be that they're selling a product which (they say towards the end of the article) gives their customers "access to a precise analysis developed by our research team to detect IFUNC-based hooking, which is the same technique used in the XZ backdoor".

m463 a day ago

I can see how some "immutable packaged filesystems" won't get updated unless you do a "docker build --no-cache"

BobbyTables2 3 days ago

Vulnerabilities are one thing. Many container images in development/testing are never actually exposed to anything hostile…

Active backdoors are quite another…