sig_cloud
/
sig-cloud-instance-images
mirror of https://github.com/rocky-linux/sig-cloud-instance-images.git
5
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deploy: 9faa504140

This commit is contained in:
NeilHanlon 2022-09-24 13:12:55 +00:00
parent aa24a268d4
commit d666566a6f
2 changed files with 90 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
index.html
View File

@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-23 13:15:58.693113905 +0000 UTC m=+0.723437429 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-24 13:12:54.616554675 +0000 UTC m=+1.117938517 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-23 13:15:58.693138206 +0000 UTC m=+0.723461730</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-24 13:12:54.616583275 +0000 UTC m=+1.117967117</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -149,6 +149,33 @@
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">gnupg2</td>
<td>CVE-2022-34903</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2.2.20-2.el8</td>
<td>2.2.20-3.el8_6</td>
<td class="links" data-more-links="off">
<a href="http://www.openwall.com/lists/oss-security/2022/07/02/1">http://www.openwall.com/lists/oss-security/2022/07/02/1</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34903.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34903.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-34903">https://access.redhat.com/security/cve/CVE-2022-34903</a>
<a href="https://bugs.debian.org/1014157">https://bugs.debian.org/1014157</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903</a>
<a href="https://dev.gnupg.org/T6027">https://dev.gnupg.org/T6027</a>
<a href="https://linux.oracle.com/cve/CVE-2022-34903.html">https://linux.oracle.com/cve/CVE-2022-34903.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6602.html">https://linux.oracle.com/errata/ELSA-2022-6602.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-34903">https://nvd.nist.gov/vuln/detail/CVE-2022-34903</a>
<a href="https://security.netapp.com/advisory/ntap-20220826-0005/">https://security.netapp.com/advisory/ntap-20220826-0005/</a>
<a href="https://ubuntu.com/security/notices/USN-5503-1">https://ubuntu.com/security/notices/USN-5503-1</a>
<a href="https://ubuntu.com/security/notices/USN-5503-2">https://ubuntu.com/security/notices/USN-5503-2</a>
<a href="https://www.debian.org/security/2022/dsa-5174">https://www.debian.org/security/2022/dsa-5174</a>
<a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">https://www.openwall.com/lists/oss-security/2022/06/30/1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libcurl-minimal</td>
<td>CVE-2022-32206</td>

71
trivy-results.sarif
View File

@ -63,6 +63,33 @@
]
}
},
{
"id": "CVE-2022-34903",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-34903"
},
"fullDescription": {
"text": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0026#39;s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-34903",
"help": {
"text": "Vulnerability CVE-2022-34903\nSeverity: MEDIUM\nPackage: gnupg2\nFixed Version: 2.2.20-3.el8_6\nLink: [CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.",
"markdown": "**Vulnerability CVE-2022-34903**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|gnupg2|2.2.20-3.el8_6|[CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)|\n\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
},
"properties": {
"precision": "very-high",
"security-severity": "6.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-1292",
"name": "OsPackageVulnerability",
@ -332,6 +359,30 @@
}
]
},
{
"ruleId": "CVE-2022-34903",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: gnupg2\nInstalled Version: 2.2.20-2.el8\nVulnerability CVE-2022-34903\nSeverity: MEDIUM\nFixed Version: 2.2.20-3.el8_6\nLink: [CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-32206",
"ruleIndex": 0,
@ -382,7 +433,7 @@
},
{
"ruleId": "CVE-2022-1292",
"ruleIndex": 2,
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
@ -406,7 +457,7 @@
},
{
"ruleId": "CVE-2022-2068",
"ruleIndex": 3,
"ruleIndex": 4,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
@ -430,7 +481,7 @@
},
{
"ruleId": "CVE-2022-2097",
"ruleIndex": 4,
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
@ -454,7 +505,7 @@
},
{
"ruleId": "CVE-2022-1586",
"ruleIndex": 5,
"ruleIndex": 6,
"level": "error",
"message": {
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
@ -478,7 +529,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 6,
"ruleIndex": 7,
"level": "error",
"message": {
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -502,7 +553,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 6,
"ruleIndex": 7,
"level": "error",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -526,7 +577,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 6,
"ruleIndex": 7,
"level": "error",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -550,7 +601,7 @@
},
{
"ruleId": "CVE-2022-1927",
"ruleIndex": 7,
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: CRITICAL\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
@ -574,7 +625,7 @@
},
{
"ruleId": "CVE-2022-1785",
"ruleIndex": 8,
"ruleIndex": 9,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
@ -598,7 +649,7 @@
},
{
"ruleId": "CVE-2022-1897",
"ruleIndex": 9,
"ruleIndex": 10,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"