NeilHanlon 2023-02-17 13:06:26 +00:00
parent 2ddcf36365
commit df23868c90
2 changed files with 104 additions and 23 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-16 13:06:30.988440764 +0000 UTC m=+0.651300861 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-17 13:06:25.614870608 +0000 UTC m=+1.886522334 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-16 13:06:30.988477764 +0000 UTC m=+0.651337861</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-17 13:06:25.614900808 +0000 UTC m=+1.886552534</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -111,7 +111,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -142,7 +142,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -173,7 +173,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -204,7 +204,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -235,7 +235,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -266,7 +266,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -297,7 +297,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -328,7 +328,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -359,7 +359,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -390,7 +390,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -421,7 +421,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -452,7 +452,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0096">https://errata.rockylinux.org/RLSA-2023:0096</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
@ -477,7 +477,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2140059">https://bugzilla.redhat.com/show_bug.cgi?id=2140059</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0337.html">https://errata.almalinux.org/9/ALSA-2023-0337.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0103">https://errata.rockylinux.org/RLSA-2023:0103</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0337">https://errata.rockylinux.org/RLSA-2023:0337</a>
<a href="https://github.com/libexpat/libexpat/issues/649">https://github.com/libexpat/libexpat/issues/649</a>
<a href="https://github.com/libexpat/libexpat/pull/616">https://github.com/libexpat/libexpat/pull/616</a>
<a href="https://github.com/libexpat/libexpat/pull/650">https://github.com/libexpat/libexpat/pull/650</a>
@ -498,6 +498,33 @@
<a href="https://www.debian.org/security/2022/dsa-5266">https://www.debian.org/security/2022/dsa-5266</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">libksba</td>
<td>CVE-2022-47629</td>
<td class="severity">HIGH</td>
<td class="pkg-version">1.3.5-8.el8_6</td>
<td>1.3.5-9.el8_7</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0626">https://access.redhat.com/errata/RHSA-2023:0626</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-47629">https://access.redhat.com/security/cve/CVE-2022-47629</a>
<a href="https://bugzilla.redhat.com/2161571">https://bugzilla.redhat.com/2161571</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2161571">https://bugzilla.redhat.com/show_bug.cgi?id=2161571</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629</a>
<a href="https://dev.gnupg.org/T6284">https://dev.gnupg.org/T6284</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0626.html">https://errata.almalinux.org/9/ALSA-2023-0626.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0626">https://errata.rockylinux.org/RLSA-2023:0626</a>
<a href="https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070">https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070</a>
<a href="https://gnupg.org/blog/20221017-pepe-left-the-ksba.html">https://gnupg.org/blog/20221017-pepe-left-the-ksba.html</a>
<a href="https://linux.oracle.com/cve/CVE-2022-47629.html">https://linux.oracle.com/cve/CVE-2022-47629.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0626.html">https://linux.oracle.com/errata/ELSA-2023-0626.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html">https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-47629">https://nvd.nist.gov/vuln/detail/CVE-2022-47629</a>
<a href="https://security.gentoo.org/glsa/202212-07">https://security.gentoo.org/glsa/202212-07</a>
<a href="https://ubuntu.com/security/notices/USN-5787-1">https://ubuntu.com/security/notices/USN-5787-1</a>
<a href="https://ubuntu.com/security/notices/USN-5787-2">https://ubuntu.com/security/notices/USN-5787-2</a>
<a href="https://www.debian.org/security/2022/dsa-5305">https://www.debian.org/security/2022/dsa-5305</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libtasn1</td>
<td>CVE-2021-46848</td>
@ -512,7 +539,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2140058">https://bugzilla.redhat.com/show_bug.cgi?id=2140058</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0343.html">https://errata.almalinux.org/9/ALSA-2023-0343.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0116">https://errata.rockylinux.org/RLSA-2023:0116</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0343">https://errata.rockylinux.org/RLSA-2023:0343</a>
<a href="https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5">https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5</a>
<a href="https://gitlab.com/gnutls/libtasn1/-/issues/32">https://gitlab.com/gnutls/libtasn1/-/issues/32</a>
<a href="https://linux.oracle.com/cve/CVE-2021-46848.html">https://linux.oracle.com/cve/CVE-2021-46848.html</a>
@ -547,7 +574,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0338.html">https://errata.almalinux.org/9/ALSA-2023-0338.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0173">https://errata.rockylinux.org/RLSA-2023:0173</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0338">https://errata.rockylinux.org/RLSA-2023:0338</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0">https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3">https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40303.html">https://linux.oracle.com/cve/CVE-2022-40303.html</a>
@ -583,7 +610,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0338.html">https://errata.almalinux.org/9/ALSA-2023-0338.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0173">https://errata.rockylinux.org/RLSA-2023:0173</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0338">https://errata.rockylinux.org/RLSA-2023:0338</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b">https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags">https://gitlab.gnome.org/GNOME/libxml2/-/tags</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3">https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3</a>
@ -614,7 +641,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2110291">https://bugzilla.redhat.com/show_bug.cgi?id=2110291</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0339.html">https://errata.almalinux.org/9/ALSA-2023-0339.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0110">https://errata.rockylinux.org/RLSA-2023:0110</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0339">https://errata.rockylinux.org/RLSA-2023:0339</a>
<a href="https://github.com/advisories/GHSA-jw36-hf63-69r9">https://github.com/advisories/GHSA-jw36-hf63-69r9</a>
<a href="https://kb.cert.org/vuls/id/720344">https://kb.cert.org/vuls/id/720344</a>
<a href="https://linux.oracle.com/cve/CVE-2022-35737.html">https://linux.oracle.com/cve/CVE-2022-35737.html</a>


@ -117,6 +117,33 @@
]
}
},
{
"id": "CVE-2022-47629",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libksba: integer overflow to code execution"
},
"fullDescription": {
"text": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-47629",
"help": {
"text": "Vulnerability CVE-2022-47629\nSeverity: HIGH\nPackage: libksba\nFixed Version: 1.3.5-9.el8_7\nLink: [CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)\nLibksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.",
"markdown": "**Vulnerability CVE-2022-47629**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|libksba|1.3.5-9.el8_7|[CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)|\n\nLibksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser."
},
"properties": {
"precision": "very-high",
"security-severity": "8.0",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{
"id": "CVE-2021-46848",
"name": "OsPackageVulnerability",
@ -582,8 +609,35 @@
]
},
{
"ruleId": "CVE-2021-46848",
"ruleId": "CVE-2022-47629",
"ruleIndex": 4,
"level": "error",
"message": {
"text": "Package: libksba\nInstalled Version: 1.3.5-8.el8_6\nVulnerability CVE-2022-47629\nSeverity: HIGH\nFixed Version: 1.3.5-9.el8_7\nLink: [CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libksba@1.3.5-8.el8_6"
}
}
]
},
{
"ruleId": "CVE-2021-46848",
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: libtasn1\nInstalled Version: 4.13-3.el8\nVulnerability CVE-2021-46848\nSeverity: MEDIUM\nFixed Version: 4.13-4.el8_7\nLink: [CVE-2021-46848](https://avd.aquasec.com/nvd/cve-2021-46848)"
@ -610,7 +664,7 @@
},
{
"ruleId": "CVE-2022-40303",
"ruleIndex": 5,
"ruleIndex": 6,
"level": "warning",
"message": {
"text": "Package: libxml2\nInstalled Version: 2.9.7-15.el8\nVulnerability CVE-2022-40303\nSeverity: MEDIUM\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40303](https://avd.aquasec.com/nvd/cve-2022-40303)"
@ -637,7 +691,7 @@
},
{
"ruleId": "CVE-2022-40304",
"ruleIndex": 6,
"ruleIndex": 7,
"level": "warning",
"message": {
"text": "Package: libxml2\nInstalled Version: 2.9.7-15.el8\nVulnerability CVE-2022-40304\nSeverity: MEDIUM\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40304](https://avd.aquasec.com/nvd/cve-2022-40304)"
@ -664,7 +718,7 @@
},
{
"ruleId": "CVE-2022-35737",
"ruleIndex": 7,
"ruleIndex": 8,
"level": "warning",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-16.el8_6\nVulnerability CVE-2022-35737\nSeverity: MEDIUM\nFixed Version: 3.26.0-17.el8_7\nLink: [CVE-2022-35737](https://avd.aquasec.com/nvd/cve-2022-35737)"