NeilHanlon 2022-09-03 13:08:42 +00:00
parent 5fda33a583
commit f9996d1acc
2 changed files with 149 additions and 5 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-02 13:15:05.08642875 +0000 UTC m=+0.759440565 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-03 13:08:42.182119516 +0000 UTC m=+1.111515167 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-02 13:15:05.08647245 +0000 UTC m=+0.759484365</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-03 13:08:42.182150216 +0000 UTC m=+1.111545867</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -202,6 +202,51 @@
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">systemd</td>
<td>CVE-2022-2526</td>
<td class="severity">HIGH</td>
<td class="pkg-version">239-58.el8</td>
<td>239-58.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">systemd-libs</td>
<td>CVE-2022-2526</td>
<td class="severity">HIGH</td>
<td class="pkg-version">239-58.el8</td>
<td>239-58.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">systemd-pam</td>
<td>CVE-2022-2526</td>
<td class="severity">HIGH</td>
<td class="pkg-version">239-58.el8</td>
<td>239-58.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">vim-minimal</td>
<td>CVE-2022-1785</td>


@ -63,6 +63,33 @@
]
}
},
{
"id": "CVE-2022-2526",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-2526"
},
"fullDescription": {
"text": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in \u0026#39;resolved-dns-stream.c\u0026#39; not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-2526",
"help": {
"text": "Vulnerability CVE-2022-2526\nSeverity: HIGH\nPackage: systemd-pam\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)\nA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.",
"markdown": "**Vulnerability CVE-2022-2526**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|systemd-pam|239-58.el8_6.4|[CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)|\n\nA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
},
"properties": {
"precision": "very-high",
"security-severity": "8.0",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{
"id": "CVE-2022-1785",
"name": "OsPackageVulnerability",
@ -246,8 +273,80 @@
]
},
{
"ruleId": "CVE-2022-1785",
"ruleId": "CVE-2022-2526",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1785",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
@ -271,7 +370,7 @@
},
{
"ruleId": "CVE-2022-1897",
"ruleIndex": 3,
"ruleIndex": 4,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
@ -295,7 +394,7 @@
},
{
"ruleId": "CVE-2022-1927",
"ruleIndex": 4,
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"