HAProxy 3
locked
Size Reduction
42%
109.5 MB to 63.9 MB (45.6 MB saved)
Component Reduction
81%
83 to 16 packages (67 removed)
Vulnerability Reduction
100%
27 to 0 vulnerabilities (27 eliminated)
Image Comparison
| Property | upstream | locked |
|---|---|---|
| Image | docker.io/library/haproxy:3.2.9 | ghcr.io/armorred/haproxy:3-locked |
| Size | 109.5 MB | 63.9 MB |
| Layers | 6 | 19 |
| Components | 83 | 16 |
| Vulnerabilities | 27 | 0 |
| Runtime User | haproxy | 999:999 |
Vulnerability Analysis
upstream
27 total
locked
0 total
Upstream vulnerability details (27)
| CVE ID | Severity | Package | Version | Fixed In |
|---|---|---|---|---|
| DEBIAN-CVE-2011-3374 | low | apt | 3.0.3 | unfixed |
| DEBIAN-CVE-2022-3715 | high | bash | 5.2.37-2+b5 | 5.2-1 |
| DEBIAN-CVE-2016-2781 | medium | coreutils | 9.7-3 | 9.4-1 |
| DEBIAN-CVE-2017-18018 | medium | coreutils | 9.7-3 | unfixed |
| DEBIAN-CVE-2025-5278 | medium | coreutils | 9.7-3 | unfixed |
| DEBIAN-CVE-2025-6297 | high | dpkg | 1.22.21 | 1.22.21 |
| DEBIAN-CVE-2025-11187 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.4-1~deb13u2 |
| DEBIAN-CVE-2025-15467 | critical | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-15468 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.4-1~deb13u2 |
| DEBIAN-CVE-2025-15469 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.4-1~deb13u2 |
| DEBIAN-CVE-2025-27587 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.0-1 |
| DEBIAN-CVE-2025-66199 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.4-1~deb13u2 |
| DEBIAN-CVE-2025-68160 | medium | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-69418 | medium | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-69419 | high | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-69420 | high | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-69421 | high | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2025-9230 | high | openssl | 3.5.4-1~deb13u1 | 1.1.1w-0+deb11u4 |
| DEBIAN-CVE-2025-9231 | medium | openssl | 3.5.4-1~deb13u1 | 3.5.1-1+deb13u1 |
| DEBIAN-CVE-2025-9232 | medium | openssl | 3.5.4-1~deb13u1 | 3.0.17-1~deb12u3 |
| DEBIAN-CVE-2026-22795 | medium | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2026-22796 | medium | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DSA-6113-1 | unknown | openssl | 3.5.4-1~deb13u1 | 3.0.18-1~deb12u2 |
| DEBIAN-CVE-2024-54661 | critical | socat | 1.8.0.3-1 | 1.8.0.2-1 |
| DEBIAN-CVE-2005-2541 | unknown | tar | 1.35+dfsg-3.1 | unfixed |
| DEBIAN-CVE-2022-0563 | medium | util-linux | 2.41-5 | unfixed |
| DEBIAN-CVE-2025-14104 | medium | util-linux | 2.41-5 | 2.41.3-1 |
Software Bill of Materials
upstream components (83)
- apt 3.0.3
- base-files 13.8+deb13u2
- base-passwd 3.6.7
- bash 5.2.37-2+b5
- bsdutils 1:2.41-5
- ca-certificates 20250419
- coreutils 9.7-3
- dash 0.5.12-12
- debconf 1.5.91
- debian-archive-keyring 2025.1
- debianutils 5.23.2
- diffutils 1:3.10-4
- dpkg 1.22.21
- findutils 4.10.0-3
- gcc-14-base 14.2.0-19
- grep 3.11-4
- gzip 1.13-1
- hostname 3.25
- init-system-helpers 1.69~deb13u1
- libacl1 2.3.2-2+b1
- libapt-pkg7.0 3.0.3
- libattr1 1:2.5.2-3
- libaudit-common 1:4.0.2-2
- libaudit1 1:4.0.2-2+b2
- libblkid1 2.41-5
- libbsd0 0.12.2-2
- libbz2-1.0 1.0.8-6
- libc-bin 2.41-12
- libc6 2.41-12
- libcap-ng0 0.8.5-4+b1
- libcap2 1:2.75-10+b1
- libcrypt1 1:4.4.38-1
- libdb5.3t64 5.3.28+dfsg2-9
- libdebconfclient0 0.280
- libgcc-s1 14.2.0-19
- libgmp10 2:6.3.0+dfsg-3
- libhogweed6t64 3.10.1-1
- liblastlog2-2 2.41-5
- liblua5.4-0 5.4.7-1+b2
- liblz4-1 1.10.0-4
- liblzma5 5.8.1-1
- libmd0 1.1.0-2+b1
- libmount1 2.41-5
- libnettle8t64 3.10.1-1
- libpam-modules 1.7.0-5
- libpam-modules-bin 1.7.0-5
- libpam-runtime 1.7.0-5
- libpam0g 1.7.0-5
- libpcre2-8-0 10.46-1~deb13u1
- libseccomp2 2.6.0-2
- libselinux1 3.8.1-1
- libsemanage-common 3.8.1-1
- libsemanage2 3.8.1-1
- libsepol2 3.8.1-1
- libsmartcols1 2.41-5
- libsqlite3-0 3.46.1-7
- libssl3t64 3.5.4-1~deb13u1
- libstdc++6 14.2.0-19
- libsystemd0 257.9-1~deb13u1
- libtinfo6 6.5+20250216-2
- libudev1 257.9-1~deb13u1
- libuuid1 2.41-5
- libwrap0 7.6.q-36
- libxxhash0 0.8.3-2
- libzstd1 1.5.7+dfsg-1
- login 1:4.16.0-2+really2.41-5
- login.defs 1:4.17.4-2
- mawk 1.3.4.20250131-1
- mount 2.41-5
- ncurses-base 6.5+20250216-2
- ncurses-bin 6.5+20250216-2
- openssl 3.5.4-1~deb13u1
- openssl-provider-legacy 3.5.4-1~deb13u1
- passwd 1:4.17.4-2
- perl-base 5.40.1-6
- sed 4.9-2
- socat 1.8.0.3-1
- sqv 1.3.0-3
- sysvinit-utils 3.14-4
- tar 1.35+dfsg-3.1
- tzdata 2025b-4+deb13u1
- util-linux 2.41-5
- zlib1g 1:1.3.dfsg+really1.3.1-1+b1
locked components (16)
- acl 2.3.2
- attr 2.5.2
- bash 5.2p37
- coreutils 9.5
- gcc 13.3.0
- gcc 13.3.0
- glibc 2.40-66
- gmp-with-cxx 6.3.0
- haproxy 3.2.9
- libidn2 2.3.7
- libunistring 1.2
- libxcrypt 4.4.36
- openssl 3.3.3
- pcre2 10.44
- xgcc 13.3.0
- zlib 1.3.1
Download SBOMs
Usage
$
podman pull ghcr.io/armorred/haproxy:3-locked
Verify Signature
$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/haproxy:3-locked