[Release-1.26] - rancher/mirrored-library-busybox:1.34.1 has critical vulnerability

[brandond]

Backport fix for rancher/mirrored-library-busybox:1.34.1 has critical vulnerability

• rancher/mirrored-library-busybox:1.34.1 has critical vulnerability #8373

[bguzman-3pillar]

Validated on RC

k3s -v
k3s version v1.26.10-rc1+k3s1 (10379aa3)
go version go1.20.10

Environment Details

Infrastructure

• Cloud
• Hosted

Node(s) CPU architecture, OS, and Version:

Ubuntu

Cluster Configuration:

1 server

Testing Steps

1. Copy config.yaml

$ sudo mkdir -p /etc/rancher/k3s && sudo cp config.yaml /etc/rancher/k3s

2. Install k3s
3. Run k apply -f https://raw.githubusercontent.com/rancher/distros-test-framework/main/workloads/amd64/local-path-provisioner.yaml && k describe pods -n kube-system and immediately describe the pod to be able to see the busybox version.

Validation Results:

Name:             helper-pod-create-pvc-8c9267b1-1754-4eda-84d0-34c5fd178452
Namespace:        kube-system
Priority:         0
Service Account:  local-path-provisioner-service-account
Node:             ip-172-31-13-4.us-east-2.compute.internal/172.31.13.4
Start Time:       Tue, 24 Oct 2023 17:34:48 +0000
Labels:           <none>
Annotations:      <none>
Status:           Pending
IP:
IPs:              <none>
Containers:
  helper-pod:
    Container ID:
    Image:         rancher/mirrored-library-busybox:1.36.1
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      /script/setup
    Args:
      -p
      /var/lib/rancher/k3s/storage/pvc-8c9267b1-1754-4eda-84d0-34c5fd178452_local-path-storage_local-path-pvc
      -s
      524288000
      -m
      Filesystem
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      VOL_DIR:         /var/lib/rancher/k3s/storage/pvc-8c9267b1-1754-4eda-84d0-34c5fd178452_local-path-storage_local-path-pvc
      VOL_MODE:        Filesystem
      VOL_SIZE_BYTES:  524288000
    Mounts:
      /script from script (rw)
      /var/lib/rancher/k3s/storage/ from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-l2vw6 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  data:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/rancher/k3s/storage/
    HostPathType:  DirectoryOrCreate
  script:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      local-path-config
    Optional:  false
  kube-api-access-l2vw6:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 op=Exists
Events:                      <none>