· 6 years ago · Apr 02, 2020, 12:32 PM
1[root@knode-etcd1 ~]# CLAIR_ADDR=http://192.168.250.61:30060 klar quay.io/openshift/origin-console:4.6.0
2clair timeout 1m0s
3docker timeout: 1m0s
4no whitelist file
5Analysing 5 layers
6Got results from Clair API v1
7Found 14 vulnerabilities
8Low: 3
9Medium: 11
10
11RHSA-2020:1022: [Low]
12Found in: file-libs [5.11-35.el7]
13Fixed By: 0:5.11-36.el7
14The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es): * file: out-of-bounds read via a crafted ELF file (CVE-2018-10360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
15https://access.redhat.com/errata/RHSA-2020:1022
16-----------------------------------------
17RHSA-2020:1020: [Low]
18Found in: curl [7.29.0-54.el7_7.2]
19Fixed By: 0:7.29.0-57.el7
20The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
21https://access.redhat.com/errata/RHSA-2020:1020
22-----------------------------------------
23RHSA-2020:1020: [Low]
24Found in: libcurl [7.29.0-54.el7_7.2]
25Fixed By: 0:7.29.0-57.el7
26The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
27https://access.redhat.com/errata/RHSA-2020:1020
28-----------------------------------------
29RHSA-2020:1061: [Medium]
30Found in: bind-utils [32:9.11.4-9.P2.el7]
31Fixed By: 32:9.11.4-16.P2.el7
32The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477) * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
33https://access.redhat.com/errata/RHSA-2020:1061
34-----------------------------------------
35RHSA-2020:1190: [Medium]
36Found in: libxml2-python [2.9.1-6.el7_2.3]
37Fixed By: 0:2.9.1-6.el7.4
38The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131) * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412) * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035) * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404) * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258) * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
39https://access.redhat.com/errata/RHSA-2020:1190
40-----------------------------------------
41RHSA-2020:1061: [Medium]
42Found in: bind-libs-lite [32:9.11.4-9.P2.el7]
43Fixed By: 32:9.11.4-16.P2.el7
44The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477) * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
45https://access.redhat.com/errata/RHSA-2020:1061
46-----------------------------------------
47RHSA-2020:1061: [Medium]
48Found in: bind-license [32:9.11.4-9.P2.el7]
49Fixed By: 32:9.11.4-16.P2.el7
50The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477) * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
51https://access.redhat.com/errata/RHSA-2020:1061
52-----------------------------------------
53RHSA-2020:1011: [Medium]
54Found in: expat [2.1.0-10.el7_3]
55Fixed By: 0:2.1.0-11.el7
56Expat is a C library for parsing XML documents. Security Fix(es): * expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
57https://access.redhat.com/errata/RHSA-2020:1011
58-----------------------------------------
59RHSA-2020:1021: [Medium]
60Found in: shared-mime-info [1.8-4.el7]
61Fixed By: 0:1.8-5.el7
62GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es): * gnome-shell: partial lock screen bypass (CVE-2019-3820) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
63https://access.redhat.com/errata/RHSA-2020:1021
64-----------------------------------------
65RHSA-2020:1113: [Medium]
66Found in: bash [4.2.46-33.el7]
67Fixed By: 0:4.2.46-34.el7
68The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux. Security Fix(es): * bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
69https://access.redhat.com/errata/RHSA-2020:1113
70-----------------------------------------
71RHSA-2020:1131: [Medium]
72Found in: python [2.7.5-86.el7]
73Fixed By: 0:2.7.5-88.el7
74Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
75https://access.redhat.com/errata/RHSA-2020:1131
76-----------------------------------------
77RHSA-2020:1131: [Medium]
78Found in: python-libs [2.7.5-86.el7]
79Fixed By: 0:2.7.5-88.el7
80Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
81https://access.redhat.com/errata/RHSA-2020:1131
82-----------------------------------------
83RHSA-2020:1061: [Medium]
84Found in: bind-libs [32:9.11.4-9.P2.el7]
85Fixed By: 32:9.11.4-16.P2.el7
86The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477) * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
87https://access.redhat.com/errata/RHSA-2020:1061
88-----------------------------------------
89RHSA-2020:1190: [Medium]
90Found in: libxml2 [2.9.1-6.el7_2.3]
91Fixed By: 0:2.9.1-6.el7.4
92The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131) * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412) * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035) * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404) * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258) * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
93https://access.redhat.com/errata/RHSA-2020:1190
94-----------------------------------------