6.0.4.4.z-aci-containers-host-ovscni-10031-2024-11-11_10:08:07

Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693 Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031 ImageId: sha256:84cbe40d7b9766c014bae352e42917b5aa83be057394c2e8058c34d41cc47679 DockerSha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc QuaySha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc
noironetworks · Nov 11, 2024 · 20834c9 · 20834c9
1 parent 6837a5a
commit 20834c9
Show file tree

Hide file tree

Showing 43 changed files with 14,816 additions and 14,610 deletions.
diff --git a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt
diff --git a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt
@@ -4,7 +4,7 @@ k8s.io/kubernetes  v1.29.0    1.29.4    go-module  GHSA-pxhw-596r-rwq5  Low
 
 quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z (redhat 9.4)
 =======================================================================
-Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0)
+Total: 84 (UNKNOWN: 0, LOW: 49, MEDIUM: 29, HIGH: 6, CRITICAL: 0)
 
 ┌─────────────────────────────┬────────────────┬──────────┬─────────────────────┬─────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
 │           Library           │ Vulnerability  │ Severity │       Status        │  Installed Version  │ Fixed Version │                            Title                             │
@@ -22,28 +22,28 @@ Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0)
 │                             │ CVE-2024-1975  │          │                     │                     │               │ bind9: bind: SIG(0) can be used to exhaust CPU resources     │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-1975                    │
 │                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
-│                             │ CVE-2024-3661  │          │                     │                     │               │ DHCP: DHCP routing options can manipulate interface-based    │
-│                             │                │          │                     │                     │               │ VPN traffic                                                  │
-│                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-3661                    │
-│                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
 │                             │ CVE-2024-4076  │          │                     │                     │               │ bind: bind9: Assertion failure when serving both stale cache │
 │                             │                │          │                     │                     │               │ data and authoritative...                                    │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-4076                    │
-├─────────────────────────────┼────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
-│ dhcp-common                 │ CVE-2024-1737  │          │                     │                     │               │ bind: bind9: BIND's database will be slow if a very large    │
+│                             ├────────────────┼──────────┤                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
+│                             │ CVE-2024-3661  │ MEDIUM   │                     │                     │               │ DHCP: DHCP routing options can manipulate interface-based    │
+│                             │                │          │                     │                     │               │ VPN traffic                                                  │
+│                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-3661                    │
+├─────────────────────────────┼────────────────┼──────────┤                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
+│ dhcp-common                 │ CVE-2024-1737  │ HIGH     │                     │                     │               │ bind: bind9: BIND's database will be slow if a very large    │
 │                             │                │          │                     │                     │               │ number...                                                    │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-1737                    │
 │                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
 │                             │ CVE-2024-1975  │          │                     │                     │               │ bind9: bind: SIG(0) can be used to exhaust CPU resources     │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-1975                    │
 │                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
-│                             │ CVE-2024-3661  │          │                     │                     │               │ DHCP: DHCP routing options can manipulate interface-based    │
-│                             │                │          │                     │                     │               │ VPN traffic                                                  │
-│                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-3661                    │
-│                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
 │                             │ CVE-2024-4076  │          │                     │                     │               │ bind: bind9: Assertion failure when serving both stale cache │
 │                             │                │          │                     │                     │               │ data and authoritative...                                    │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-4076                    │
+│                             ├────────────────┼──────────┤                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
+│                             │ CVE-2024-3661  │ MEDIUM   │                     │                     │               │ DHCP: DHCP routing options can manipulate interface-based    │
+│                             │                │          │                     │                     │               │ VPN traffic                                                  │
+│                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-3661                    │
 ├─────────────────────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ elfutils-default-yama-scope │ CVE-2024-25260 │ LOW      │ will_not_fix        │ 0.191-4.el9         │               │ elfutils: global-buffer-overflow exists in the function      │
 │                             │                │          │                     │                     │               │ ebl_machine_flag_name in eblmachineflagname.c                │
@@ -203,6 +203,10 @@ Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0)
 ├─────────────────────────────┼────────────────┼──────────┤                     ├─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ pam                         │ CVE-2024-10041 │ MEDIUM   │                     │ 1.5.1-20.el9        │               │ pam: libpam: Libpam vulnerable to read hashed password       │
 │                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-10041                   │
+│                             ├────────────────┤          │                     │                     ├───────────────┼──────────────────────────────────────────────────────────────┤
+│                             │ CVE-2024-10963 │          │                     │                     │               │ pam: Improper Hostname Interpretation in pam_access Leads to │
+│                             │                │          │                     │                     │               │ Access Control Bypass                                        │
+│                             │                │          │                     │                     │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │
 ├─────────────────────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ pcre2                       │ CVE-2022-41409 │ LOW      │ will_not_fix        │ 10.40-6.el9         │               │ pcre2: negative repeat value in a pcre2test subject line     │
 │                             │                │          │                     │                     │               │ leads to inifinite...                                        │

diff --git a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt
diff --git a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt
diff --git a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt