Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities found in latest release #35

Open
SaschaSchwarze0 opened this issue Oct 3, 2024 · 0 comments
Open

Vulnerabilities found in latest release #35

SaschaSchwarze0 opened this issue Oct 3, 2024 · 0 comments
Labels
release-vulnerabilities

Comments

@SaschaSchwarze0
Copy link
Owner

SaschaSchwarze0 commented Oct 3, 2024
edited
Loading

ghcr.io/shipwright-io/build/bundle:v0.13.0@sha256:17b2a2adab6300ac0dcda6d2897cdcf9ae1482e5e42254cc24bc9805bac7d26d

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3005 github.com/docker/docker v24.0.9+incompatible -> v25.0.6+incompatible
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7

ghcr.io/shipwright-io/build/git:v0.13.0@sha256:88c69b955621d3029f049c3cb714c21a6c573563a199cd1159e2fdcc48eb1145

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-39331 emacs-filesystem medium 1:27.2-9.el9 -> 1:27.2-10.el9_4
CVE-2024-45490 expat medium 2.5.0-2.el9_4 -> 2.5.0-2.el9_4.1
CVE-2024-45491 expat medium 2.5.0-2.el9_4 -> 2.5.0-2.el9_4.1
CVE-2024-45492 expat medium 2.5.0-2.el9_4 -> 2.5.0-2.el9_4.1
CVE-2024-32002 git high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32004 git high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32465 git medium 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32020 git low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32021 git low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32002 git-core high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32004 git-core high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32465 git-core medium 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32020 git-core low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32021 git-core low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32002 git-core-doc high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32004 git-core-doc high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32465 git-core-doc medium 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32020 git-core-doc low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32021 git-core-doc low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2023-45288 git-lfs high 3.4.1-1.el9 -> 3.4.1-2.el9_4
CVE-2024-34156 git-lfs high 3.4.1-1.el9 -> 3.4.1-4.el9_4
CVE-2023-45289 git-lfs medium 3.4.1-1.el9 -> 3.4.1-2.el9_4
CVE-2023-45290 git-lfs medium 3.4.1-1.el9 -> 3.4.1-2.el9_4
CVE-2024-24783 git-lfs medium 3.4.1-1.el9 -> 3.4.1-2.el9_4
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-32487 less high 590-3.el9_3 -> 590-4.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6387 openssh high 8.7p1-38.el9 -> 8.7p1-38.el9_4.1
CVE-2024-6409 openssh medium 8.7p1-38.el9 -> 8.7p1-38.el9_4.4
CVE-2024-6387 openssh-clients high 8.7p1-38.el9 -> 8.7p1-38.el9_4.1
CVE-2024-6409 openssh-clients medium 8.7p1-38.el9 -> 8.7p1-38.el9_4.4
CVE-2024-6119 openssl medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4
CVE-2024-32002 perl-Git high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32004 perl-Git high 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32465 perl-Git medium 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32020 perl-Git low 2.43.0-1.el9 -> 2.43.5-1.el9_4
CVE-2024-32021 perl-Git low 2.43.0-1.el9 -> 2.43.5-1.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7

ghcr.io/shipwright-io/build/image-processing:v0.13.0@sha256:a8290360b5d774bdf5d4b6abd1c0a73810b74b7fb5cf1aa54a38c089123458c2

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3005 github.com/docker/docker v24.0.9+incompatible -> v25.0.6+incompatible
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7

ghcr.io/shipwright-io/build/shipwright-build-controller:v0.13.0@sha256:1f0a762f579d9e1722f0524dd570817090d56bbf23bca88d7c09e3b8f0b5801b

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7

ghcr.io/shipwright-io/build/shipwright-build-webhook:v0.13.0@sha256:27a15838b3297dbf739e1a524cf510b87896923bb6b599ac9a6a043a9b483e2d

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7

ghcr.io/shipwright-io/build/waiter:v0.13.0@sha256:5d9e124f117dd1b0e6bf3ac1e83370ffc454ab6e2e7f83edd38208004c799dab

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-2398 curl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-34397 glib2 medium 2.68.4-14.el9 -> 2.68.4-14.el9_4.1
CVE-2024-2961 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-common high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-common medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-common low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-2961 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33599 glibc-minimal-langpack high 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33600 glibc-minimal-langpack medium 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33601 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-33602 glibc-minimal-langpack low 2.34-100.el9 -> 2.34-100.el9_4.2
CVE-2024-37370 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-37371 krb5-libs medium 1.21.1-1.el9 -> 1.21.1-2.el9_4
CVE-2024-2398 libcurl-minimal medium 7.76.1-29.el9_4 -> 7.76.1-29.el9_4.1
CVE-2024-28182 libnghttp2 medium 1.43.0-5.el9_3.1 -> 1.43.0-5.el9_4.3
CVE-2024-6119 openssl-libs medium 1:3.0.7-27.el9 -> 1:3.0.7-28.el9_4

Go vulnerabilities

Vulnerability Package Version
GO-2024-2887 stdlib v1.21.9 -> v1.21.11
GO-2024-2888 stdlib v1.21.9 -> v1.21.11
GO-2024-2963 stdlib v1.21.9 -> v1.21.12
GO-2024-3105 stdlib v1.21.9 -> v1.22.7
GO-2024-3106 stdlib v1.21.9 -> v1.22.7
GO-2024-3107 stdlib v1.21.9 -> v1.22.7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
release-vulnerabilities
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SaschaSchwarze0