Envoy 1

locked latest

Full version: 1.32.3 Analyzed: 2026-02-11

Size Reduction 13% 158.8 MB to 137.8 MB (21.0 MB saved)

Component Reduction 87% 103 to 13 packages (90 removed)

Vulnerability Reduction 100% 29 to 0 vulnerabilities (29 eliminated)

Image Comparison

Property	upstream	locked
Image	docker.io/envoyproxy/envoy:v1.32.3	ghcr.io/armorred/envoy:1.32.3-locked
Size	158.8 MB	137.8 MB
Layers	9	14
Components	103	13
Vulnerabilities	29	0
Runtime User	root	999:999

Vulnerability Analysis

upstream 29 total

12critical

5high

12medium

locked 0 total

Upstream vulnerability details (29)

CVE ID	Severity	Package	Version	Fixed In
UBUNTU-CVE-2016-2781	medium	coreutils	8.32-4.1ubuntu1.2	unfixed
UBUNTU-CVE-2025-5278	medium	coreutils	8.32-4.1ubuntu1.2	unfixed
USN-7768-1	high	dpkg	1.21.1ubuntu2.3	1.21.1ubuntu2.6
UBUNTU-CVE-2025-6297	high	dpkg	1.21.1ubuntu2.3	1.21.1ubuntu2.6
USN-7287-1	medium	libcap2	1:2.44-1ubuntu0.22.04.1	1:2.32-1ubuntu0.2
UBUNTU-CVE-2025-1390	medium	libcap2	1:2.44-1ubuntu0.22.04.1	1:2.32-1ubuntu0.2
UBUNTU-CVE-2024-2236	medium	libgcrypt20	1.9.4-3ubuntu3	unfixed
USN-7954-1	critical	libtasn1-6	4.18.0-4build1	4.18.0-4ubuntu0.2
USN-7275-1	medium	libtasn1-6	4.18.0-4build1	4.16.0-2ubuntu0.1
UBUNTU-CVE-2021-46848	critical	libtasn1-6	4.18.0-4build1	4.7-3ubuntu0.16.04.3+esm3
UBUNTU-CVE-2024-12133	medium	libtasn1-6	4.18.0-4build1	4.16.0-2ubuntu0.1
UBUNTU-CVE-2025-13151	critical	libtasn1-6	4.18.0-4build1	4.18.0-4ubuntu0.2
USN-7980-1	critical	openssl	3.0.2-0ubuntu1.18	3.0.2-0ubuntu1.21
USN-7786-1	high	openssl	3.0.2-0ubuntu1.18	1.0.1f-1ubuntu2.27+esm11
USN-7278-1	medium	openssl	3.0.2-0ubuntu1.18	1.1.1f-1ubuntu2.24
UBUNTU-CVE-2024-13176	medium	openssl	3.0.2-0ubuntu1.18	1.1.1f-1ubuntu2.24
UBUNTU-CVE-2024-41996	high	openssl	3.0.2-0ubuntu1.18	unfixed
UBUNTU-CVE-2024-9143	medium	openssl	3.0.2-0ubuntu1.18	1.1.1f-1ubuntu2.24
UBUNTU-CVE-2025-15467	critical	openssl	3.0.2-0ubuntu1.18	3.0.2-0ubuntu1.21
UBUNTU-CVE-2025-27587	medium	openssl	3.0.2-0ubuntu1.18	unfixed
UBUNTU-CVE-2025-68160	critical	openssl	3.0.2-0ubuntu1.18	1.0.1f-1ubuntu2.27+esm12
UBUNTU-CVE-2025-69418	critical	openssl	3.0.2-0ubuntu1.18	1.1.1-1ubuntu2.1~18.04.23+esm7
UBUNTU-CVE-2025-69419	critical	openssl	3.0.2-0ubuntu1.18	1.1.1-1ubuntu2.1~18.04.23+esm7
UBUNTU-CVE-2025-69420	critical	openssl	3.0.2-0ubuntu1.18	1.1.1-1ubuntu2.1~18.04.23+esm7
UBUNTU-CVE-2025-69421	critical	openssl	3.0.2-0ubuntu1.18	1.0.1f-1ubuntu2.27+esm12
UBUNTU-CVE-2025-9230	high	openssl	3.0.2-0ubuntu1.18	1.0.1f-1ubuntu2.27+esm11
UBUNTU-CVE-2026-22795	critical	openssl	3.0.2-0ubuntu1.18	1.1.1-1ubuntu2.1~18.04.23+esm7
UBUNTU-CVE-2026-22796	critical	openssl	3.0.2-0ubuntu1.18	1.0.1f-1ubuntu2.27+esm12
UBUNTU-CVE-2025-45582	medium	tar	1.34+dfsg-1ubuntu0.1.22.04.2	unfixed

Software Bill of Materials

upstream components (103)

adduser 3.118ubuntu5
apt 2.4.13
base-files 12ubuntu4.7
base-passwd 3.5.52build1
bash 5.1-6ubuntu1.1
bsdutils 1:2.37.2-4ubuntu3.4
ca-certificates 20240203~22.04.1
coreutils 8.32-4.1ubuntu1.2
dash 0.5.11+git20210903+057cd650a4ed-3build1
debconf 1.5.79ubuntu1
debianutils 5.5-1ubuntu2
diffutils 1:3.8-0ubuntu2
dpkg 1.21.1ubuntu2.3
e2fsprogs 1.46.5-2ubuntu1.2
findutils 4.8.0-1ubuntu3
gcc-12-base 12.3.0-1ubuntu1~22.04
gpgv 2.2.27-3ubuntu2.1
grep 3.7-1build1
gzip 1.10-4ubuntu4.1
hostname 3.23ubuntu2
init-system-helpers 1.62
libacl1 2.3.1-1
libapt-pkg6.0 2.4.13
libattr1 1:2.5.1-1build1
libaudit-common 1:3.0.7-1build1
libaudit1 1:3.0.7-1build1
libblkid1 2.37.2-4ubuntu3.4
libbz2-1.0 1.0.8-5build1
libc-bin 2.35-0ubuntu3.8
libc6 2.35-0ubuntu3.8
libcap-ng0 0.7.9-2.2build3
libcap2 1:2.44-1ubuntu0.22.04.1
libcom-err2 1.46.5-2ubuntu1.2
libcrypt1 1:4.4.27-1
libdb5.3 5.3.28+dfsg1-0.8ubuntu3
libdebconfclient0 0.261ubuntu1
libext2fs2 1.46.5-2ubuntu1.2
libffi8 3.4.2-4
libgcc-s1 12.3.0-1ubuntu1~22.04
libgcrypt20 1.9.4-3ubuntu3
libgmp10 2:6.2.1+dfsg-3ubuntu1
libgnutls30 3.7.3-4ubuntu1.5
libgpg-error0 1.43-3
libgssapi-krb5-2 1.19.2-2ubuntu0.4
libhogweed6 3.7.3-1build2
libidn2-0 2.3.2-2build1
libk5crypto3 1.19.2-2ubuntu0.4
libkeyutils1 1.6.1-2ubuntu3
libkrb5-3 1.19.2-2ubuntu0.4
libkrb5support0 1.19.2-2ubuntu0.4
liblz4-1 1.9.3-2build2
liblzma5 5.2.5-2ubuntu1
libmount1 2.37.2-4ubuntu3.4
libncurses6 6.3-2ubuntu0.1
libncursesw6 6.3-2ubuntu0.1
libnettle8 3.7.3-1build2
libnsl2 1.3.0-2build2
libp11-kit0 0.24.0-6build1
libpam-modules 1.4.0-11ubuntu2.4
libpam-modules-bin 1.4.0-11ubuntu2.4
libpam-runtime 1.4.0-11ubuntu2.4
libpam0g 1.4.0-11ubuntu2.4
libpcre2-8-0 10.39-3ubuntu0.1
libpcre3 2:8.39-13ubuntu0.22.04.1
libprocps8 2:3.3.17-6ubuntu2.1
libseccomp2 2.5.3-2ubuntu2
libselinux1 3.3-1build2
libsemanage-common 3.3-1build2
libsemanage2 3.3-1build2
libsepol2 3.3-1build1
libsmartcols1 2.37.2-4ubuntu3.4
libss2 1.46.5-2ubuntu1.2
libssl3 3.0.2-0ubuntu1.18
libstdc++6 12.3.0-1ubuntu1~22.04
libsystemd0 249.11-0ubuntu3.12
libtasn1-6 4.18.0-4build1
libtinfo6 6.3-2ubuntu0.1
libtirpc-common 1.3.2-2ubuntu0.1
libtirpc3 1.3.2-2ubuntu0.1
libudev1 249.11-0ubuntu3.12
libunistring2 1.0-1
libuuid1 2.37.2-4ubuntu3.4
libxxhash0 0.8.1-1
libzstd1 1.4.8+dfsg-3build1
login 1:4.8.1-2ubuntu2.2
logsave 1.46.5-2ubuntu1.2
lsb-base 11.1.0ubuntu4
mawk 1.3.4.20200120-3
mount 2.37.2-4ubuntu3.4
ncurses-base 6.3-2ubuntu0.1
ncurses-bin 6.3-2ubuntu0.1
openssl 3.0.2-0ubuntu1.18
passwd 1:4.8.1-2ubuntu2.2
perl-base 5.34.0-3ubuntu1.3
procps 2:3.3.17-6ubuntu2.1
sed 4.8-1ubuntu2
sensible-utils 0.0.17
sysvinit-utils 3.01-1ubuntu1
tar 1.34+dfsg-1ubuntu0.1.22.04.2
ubuntu-keyring 2021.03.26
usrmerge 25ubuntu2
util-linux 2.37.2-4ubuntu3.4
zlib1g 1:1.2.11.dfsg-2ubuntu9.2

locked components (13)

acl 2.3.2
attr 2.5.2
bash 5.2p37
coreutils 9.5
envoy 1.32.3
envoy-hardened 1.32.3
gcc 13.3.0
gcc 13.3.0
glibc 2.40-66
gmp-with-cxx 6.3.0
libidn2 2.3.7
libunistring 1.2
xgcc 13.3.0

Download SBOMs

Upstream SBOM Locked SBOM

Usage

$
podman pull ghcr.io/armorred/envoy:1-locked

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/envoy:1-locked