This commit is contained in:
NeilHanlon 2022-11-14 13:16:47 +00:00
parent ab0cfefe32
commit 52a19985f9
2 changed files with 232 additions and 15 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-13 18:07:32.30802527 +0000 UTC m=+0.655292753 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-14 13:16:46.032553078 +0000 UTC m=+1.457404480 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-13 18:07:32.30804927 +0000 UTC m=+0.655316753</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-14 13:16:46.032580979 +0000 UTC m=+1.457432381</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -239,6 +239,25 @@
<a href="https://www.debian.org/security/2022/dsa-5203">https://www.debian.org/security/2022/dsa-5203</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">libcom_err</td>
<td>CVE-2022-1304</td>
<td class="severity">HIGH</td>
<td class="pkg-version">1.45.6-4.el8</td>
<td>1.45.6-5.el8</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:7720">https://access.redhat.com/errata/RHSA-2022:7720</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1304.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1304.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-1304">https://access.redhat.com/security/cve/CVE-2022-1304</a>
<a href="https://bugzilla.redhat.com/2069726">https://bugzilla.redhat.com/2069726</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2069726">https://bugzilla.redhat.com/show_bug.cgi?id=2069726</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-7720.html">https://errata.almalinux.org/8/ALSA-2022-7720.html</a>
<a href="https://marc.info/?l=linux-ext4&amp;m=165056234501732&amp;w=2">https://marc.info/?l=linux-ext4&amp;m=165056234501732&amp;w=2</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-1304">https://nvd.nist.gov/vuln/detail/CVE-2022-1304</a>
<a href="https://ubuntu.com/security/notices/USN-5464-1">https://ubuntu.com/security/notices/USN-5464-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libcurl-minimal</td>
<td>CVE-2022-32206</td>
@ -300,6 +319,42 @@
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">libksba</td>
<td>CVE-2022-3515</td>
<td class="severity">HIGH</td>
<td class="pkg-version">1.3.5-7.el8</td>
<td>1.3.5-8.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3515.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3515.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-3515">https://access.redhat.com/security/cve/CVE-2022-3515</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3515">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3515</a>
<a href="https://gnupg.org/blog/20221017-pepe-left-the-ksba.html">https://gnupg.org/blog/20221017-pepe-left-the-ksba.html</a>
<a href="https://linux.oracle.com/cve/CVE-2022-3515.html">https://linux.oracle.com/cve/CVE-2022-3515.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-7090.html">https://linux.oracle.com/errata/ELSA-2022-7090.html</a>
<a href="https://ubuntu.com/security/notices/USN-5688-1">https://ubuntu.com/security/notices/USN-5688-1</a>
<a href="https://ubuntu.com/security/notices/USN-5688-2">https://ubuntu.com/security/notices/USN-5688-2</a>
<a href="https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html">https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libxml2</td>
<td>CVE-2016-3709</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2.9.7-13.el8_6.1</td>
<td>2.9.7-15.el8</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:7715">https://access.redhat.com/errata/RHSA-2022:7715</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2016-3709">https://access.redhat.com/security/cve/CVE-2016-3709</a>
<a href="https://bugzilla.redhat.com/2112766">https://bugzilla.redhat.com/2112766</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-7715.html">https://errata.almalinux.org/8/ALSA-2022-7715.html</a>
<a href="https://mail.gnome.org/archives/xml/2018-January/msg00010.html">https://mail.gnome.org/archives/xml/2018-January/msg00010.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2016-3709">https://nvd.nist.gov/vuln/detail/CVE-2016-3709</a>
<a href="https://ubuntu.com/security/notices/USN-5548-1">https://ubuntu.com/security/notices/USN-5548-1</a>
</td>
</tr>
<tr class="severity-CRITICAL">
<td class="pkg-name">openssl-libs</td>
<td>CVE-2022-1292</td>


@ -144,6 +144,87 @@
]
}
},
{
"id": "CVE-2022-1304",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "e2fsprogs: out-of-bounds read/write via crafted filesystem"
},
"fullDescription": {
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-1304",
"help": {
"text": "Vulnerability CVE-2022-1304\nSeverity: HIGH\nPackage: libcom_err\nFixed Version: 1.45.6-5.el8\nLink: [CVE-2022-1304](https://avd.aquasec.com/nvd/cve-2022-1304)\nAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|libcom_err|1.45.6-5.el8|[CVE-2022-1304](https://avd.aquasec.com/nvd/cve-2022-1304)|\n\nAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"properties": {
"precision": "very-high",
"security-severity": "7.8",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{
"id": "CVE-2022-3515",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libksba: integer overflow may lead to remote code execution"
},
"fullDescription": {
"text": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-3515",
"help": {
"text": "Vulnerability CVE-2022-3515\nSeverity: HIGH\nPackage: libksba\nFixed Version: 1.3.5-8.el8_6\nLink: [CVE-2022-3515](https://avd.aquasec.com/nvd/cve-2022-3515)\nA vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.",
"markdown": "**Vulnerability CVE-2022-3515**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|libksba|1.3.5-8.el8_6|[CVE-2022-3515](https://avd.aquasec.com/nvd/cve-2022-3515)|\n\nA vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
},
"properties": {
"precision": "very-high",
"security-severity": "8.0",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{
"id": "CVE-2016-3709",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libxml2: Incorrect server side include parsing can lead to XSS"
},
"fullDescription": {
"text": "Possible cross-site scripting vulnerability in libxml after commit 960f0e2."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2016-3709",
"help": {
"text": "Vulnerability CVE-2016-3709\nSeverity: MEDIUM\nPackage: libxml2\nFixed Version: 2.9.7-15.el8\nLink: [CVE-2016-3709](https://avd.aquasec.com/nvd/cve-2016-3709)\nPossible cross-site scripting vulnerability in libxml after commit 960f0e2.",
"markdown": "**Vulnerability CVE-2016-3709**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libxml2|2.9.7-15.el8|[CVE-2016-3709](https://avd.aquasec.com/nvd/cve-2016-3709)|\n\nPossible cross-site scripting vulnerability in libxml after commit 960f0e2."
},
"properties": {
"precision": "very-high",
"security-severity": "6.1",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-1292",
"name": "OsPackageVulnerability",
@ -581,6 +662,33 @@
}
]
},
{
"ruleId": "CVE-2022-1304",
"ruleIndex": 5,
"level": "error",
"message": {
"text": "Package: libcom_err\nInstalled Version: 1.45.6-4.el8\nVulnerability CVE-2022-1304\nSeverity: HIGH\nFixed Version: 1.45.6-5.el8\nLink: [CVE-2022-1304](https://avd.aquasec.com/nvd/cve-2022-1304)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libcom_err@1.45.6-4.el8"
}
}
]
},
{
"ruleId": "CVE-2022-32206",
"ruleIndex": 0,
@ -635,9 +743,63 @@
}
]
},
{
"ruleId": "CVE-2022-3515",
"ruleIndex": 6,
"level": "error",
"message": {
"text": "Package: libksba\nInstalled Version: 1.3.5-7.el8\nVulnerability CVE-2022-3515\nSeverity: HIGH\nFixed Version: 1.3.5-8.el8_6\nLink: [CVE-2022-3515](https://avd.aquasec.com/nvd/cve-2022-3515)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libksba@1.3.5-7.el8"
}
}
]
},
{
"ruleId": "CVE-2016-3709",
"ruleIndex": 7,
"level": "warning",
"message": {
"text": "Package: libxml2\nInstalled Version: 2.9.7-13.el8_6.1\nVulnerability CVE-2016-3709\nSeverity: MEDIUM\nFixed Version: 2.9.7-15.el8\nLink: [CVE-2016-3709](https://avd.aquasec.com/nvd/cve-2016-3709)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libxml2@2.9.7-13.el8_6.1"
}
}
]
},
{
"ruleId": "CVE-2022-1292",
"ruleIndex": 5,
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
@ -664,7 +826,7 @@
},
{
"ruleId": "CVE-2022-2068",
"ruleIndex": 6,
"ruleIndex": 9,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
@ -691,7 +853,7 @@
},
{
"ruleId": "CVE-2022-2097",
"ruleIndex": 7,
"ruleIndex": 10,
"level": "warning",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
@ -718,7 +880,7 @@
},
{
"ruleId": "CVE-2022-1586",
"ruleIndex": 8,
"ruleIndex": 11,
"level": "error",
"message": {
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
@ -745,7 +907,7 @@
},
{
"ruleId": "CVE-2020-35527",
"ruleIndex": 9,
"ruleIndex": 12,
"level": "error",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35527\nSeverity: CRITICAL\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)"
@ -772,7 +934,7 @@
},
{
"ruleId": "CVE-2020-35525",
"ruleIndex": 10,
"ruleIndex": 13,
"level": "error",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35525\nSeverity: HIGH\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)"
@ -799,7 +961,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 11,
"ruleIndex": 14,
"level": "error",
"message": {
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -826,7 +988,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 11,
"ruleIndex": 14,
"level": "error",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -853,7 +1015,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 11,
"ruleIndex": 14,
"level": "error",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -880,7 +1042,7 @@
},
{
"ruleId": "CVE-2022-1785",
"ruleIndex": 12,
"ruleIndex": 15,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
@ -907,7 +1069,7 @@
},
{
"ruleId": "CVE-2022-1897",
"ruleIndex": 13,
"ruleIndex": 16,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
@ -934,7 +1096,7 @@
},
{
"ruleId": "CVE-2022-1927",
"ruleIndex": 14,
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
@ -961,7 +1123,7 @@
},
{
"ruleId": "CVE-2022-37434",
"ruleIndex": 15,
"ruleIndex": 18,
"level": "error",
"message": {
"text": "Package: zlib\nInstalled Version: 1.2.11-18.el8_5\nVulnerability CVE-2022-37434\nSeverity: CRITICAL\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)"