Vulnerability Advisor failing on ibmjava:8-sdk #91

Open
gee4vee opened this issue Apr 6, 2020 · 0 comments
gee4vee commented Apr 6, 2020

Vulnerability Advisor is failing with the following issues. Several are at least moderate severity and so should be addressed ASAP.

The scan results show that 10 ISSUES were found for the image.

Vulnerable Packages Found
=========================

CVE-2019-5436

   Policy Status
   Active

   Summary
   The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1020               https://access.redhat.com/errata/RHSA-2020:1020   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   curl                Active          Upgrade curl to >= 7.29.0-57.el7      RHSA-2020:1020   
   libcurl             Active          Upgrade libcurl to >= 7.29.0-57.el7   RHSA-2020:1020   


CVE-2019-9924

   Policy Status
   Active

   Summary
   The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.
Security Fix(es):
* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1113               https://access.redhat.com/errata/RHSA-2020:1113   

   Affected Packages   Policy Status   How to Resolve                     Security Notice   
   bash                Active          Upgrade bash to >= 4.2.46-34.el7   RHSA-2020:1113   


CVE-2015-2716

   Policy Status
   Active

   Summary
   Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1011               https://access.redhat.com/errata/RHSA-2020:1011   

   Affected Packages   Policy Status   How to Resolve                     Security Notice   
   expat               Active          Upgrade expat to >= 2.1.0-11.el7   RHSA-2020:1011   


CVE-2015-8035

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2016-5131

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2017-15412

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2017-18258

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2018-14404

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2018-14567

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   


CVE-2019-3820

   Policy Status
   Active

   Summary
   GNOME is the default desktop environment of Red Hat Enterprise Linux.
Security Fix(es):
* gnome-shell: partial lock screen bypass (CVE-2019-3820)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1021               https://access.redhat.com/errata/RHSA-2020:1021   

   Affected Packages   Policy Status   How to Resolve                             Security Notice   
   shared-mime-info    Active          Upgrade shared-mime-info to >= 1.8-5.el7   RHSA-2020:1021   



OK
ERROR: The vulnerability scan was not successful, check the OUTPUT of the command and try again.