UNCLASSIFIED - NO CUI

chore(findings): redhat/ubi/ubi8

Summary

redhat/ubi/ubi8 has 93 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-0235 Anchore CVE Medium python3-syspurpose-1.28.42-1.el8
CVE-2018-1000879 Anchore CVE Low libarchive-3.3.3-5.el8
CVE-2019-17543 Anchore CVE Medium lz4-libs-1.8.3-3.el8_4
CVE-2019-14250 Anchore CVE Low libgcc-8.5.0-22.el8_10
CVE-2023-0465 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2021-33294 Anchore CVE Low elfutils-default-yama-scope-0.190-2.el8
CVE-2018-20657 Anchore CVE Low libgcc-8.5.0-22.el8_10
CVE-2022-23990 Anchore CVE Medium expat-2.2.5-13.el8_10
CVE-2023-0466 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2018-20839 Anchore CVE Medium systemd-239-82.el8
CVE-2020-12413 Anchore CVE Low nss-util-3.90.0-7.el8_10
CVE-2020-21674 Anchore CVE Medium libarchive-3.3.3-5.el8
CVE-2023-32636 Anchore CVE Low glib2-2.56.4-162.el8
CVE-2020-12413 Anchore CVE Low nss-softokn-3.90.0-7.el8_10
CVE-2020-12413 Anchore CVE Low nss-sysinit-3.90.0-7.el8_10
CVE-2018-19211 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2024-2398 Anchore CVE Medium libcurl-7.61.1-34.el8
CVE-2018-19211 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2019-9923 Anchore CVE Low tar-2:1.30-9.el8
CVE-2022-0235 Anchore CVE Medium python3-cloud-what-1.28.42-1.el8
CVE-2019-9936 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2020-12413 Anchore CVE Low nss-softokn-freebl-3.90.0-7.el8_10
CVE-2018-20839 Anchore CVE Medium systemd-pam-239-82.el8
CVE-2019-9937 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2021-20193 Anchore CVE Medium tar-2:1.30-9.el8
CVE-2005-2541 Anchore CVE Medium tar-2:1.30-9.el8
CVE-2021-33294 Anchore CVE Low elfutils-libs-0.190-2.el8
CVE-2023-2650 Anchore CVE Medium openssl-libs-1:1.1.1k-12.el8_9
CVE-2021-4209 Anchore CVE Low gnutls-3.6.16-8.el8_9.3
CVE-2020-35512 Anchore CVE Low dbus-1:1.12.8-26.el8
CVE-2022-0235 Anchore CVE Medium dnf-plugin-subscription-manager-1.28.42-1.el8
CVE-2022-0235 Anchore CVE Medium subscription-manager-1.28.42-1.el8
CVE-2021-33294 Anchore CVE Low elfutils-libelf-0.190-2.el8
CVE-2021-42694 Anchore CVE Medium libgcc-8.5.0-22.el8_10
CVE-2023-6004 Anchore CVE Low libssh-0.9.6-14.el8
CVE-2021-3997 Anchore CVE Medium systemd-libs-239-82.el8
CVE-2018-20225 Anchore CVE Low python3-pip-wheel-9.0.3-24.el8
CVE-2019-14250 Anchore CVE Low libstdc++-8.5.0-22.el8_10
CVE-2019-12904 Anchore CVE Medium libgcrypt-1.8.5-7.el8_6
CVE-2021-3997 Anchore CVE Medium systemd-239-82.el8
CVE-2023-27534 Anchore CVE Low curl-7.61.1-34.el8
CVE-2024-3651 Anchore CVE Medium python3-idna-2.5-5.el8
CVE-2023-6918 Anchore CVE Low libssh-0.9.6-14.el8
CVE-2021-42694 Anchore CVE Medium libstdc++-8.5.0-22.el8_10
CVE-2020-35512 Anchore CVE Low dbus-libs-1:1.12.8-26.el8
CVE-2020-35512 Anchore CVE Low dbus-tools-1:1.12.8-26.el8
CVE-2018-20839 Anchore CVE Medium systemd-libs-239-82.el8
CVE-2020-35512 Anchore CVE Low dbus-daemon-1:1.12.8-26.el8
CVE-2018-19217 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-12413 Anchore CVE Low nss-3.90.0-7.el8_10
CVE-2022-41409 Anchore CVE Low pcre2-10.32-3.el8_6
CVE-2019-19244 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2020-35512 Anchore CVE Low dbus-common-1:1.12.8-26.el8
CVE-2018-1000654 Anchore CVE Low libtasn1-4.13-4.el8_7
CVE-2023-27534 Anchore CVE Low libcurl-7.61.1-34.el8
CVE-2023-39804 Anchore CVE Low tar-2:1.30-9.el8
CVE-2018-20657 Anchore CVE Low libstdc++-8.5.0-22.el8_10
CVE-2023-6004 Anchore CVE Low libssh-config-0.9.6-14.el8
CVE-2024-0727 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2022-0235 Anchore CVE Medium python3-subscription-manager-rhsm-1.28.42-1.el8
CVE-2024-2398 Anchore CVE Medium curl-7.61.1-34.el8
CVE-2021-3997 Anchore CVE Medium systemd-pam-239-82.el8
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2023-43804 Anchore CVE Medium python3-pip-wheel-9.0.3-24.el8
CVE-2018-19217 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2023-6918 Anchore CVE Low libssh-config-0.9.6-14.el8
CVE-2019-8905 Anchore CVE Low file-libs-5.33-26.el8
CVE-2018-1000880 Anchore CVE Low libarchive-3.3.3-5.el8
CVE-2023-0464 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2019-8906 Anchore CVE Low file-libs-5.33-26.el8
CVE-2019-9674 Anchore CVE Low platform-python-3.6.8-62.el8_10
CVE-2019-1010022 Anchore CVE Critical glibc-2.28-251.el8_10.2
CVE-2023-6597 Anchore CVE High platform-python-3.6.8-62.el8_10
CVE-2023-6597 Anchore CVE High python3-libs-3.6.8-62.el8_10
CVE-2019-1010022 Anchore CVE Critical glibc-minimal-langpack-2.28-251.el8_10.2
CVE-2019-1010022 Anchore CVE Critical glibc-common-2.28-251.el8_10.2
CVE-2019-9674 Anchore CVE Low python3-libs-3.6.8-62.el8_10
CVE-2024-0450 Anchore CVE Medium python3-libs-3.6.8-62.el8_10
CVE-2024-0450 Anchore CVE Medium platform-python-3.6.8-62.el8_10
CVE-2024-2398 Twistlock CVE Medium curl-7.61.1-34.el8
CVE-2024-2398 Twistlock CVE Medium libcurl-7.61.1-34.el8
CVE-2024-34397 Twistlock CVE Medium glib2-2.56.4-162.el8
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-2.3.2-6.el8
CVE-2023-32636 Twistlock CVE Low glib2-2.56.4-162.el8
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.7-18.el8_9
CVE-2022-27943 Twistlock CVE Low libgcc-8.5.0-22.el8_10
CVE-2022-27943 Twistlock CVE Low libstdc++-8.5.0-22.el8_10
CVE-2019-14250 Twistlock CVE Low libstdc++-8.5.0-22.el8_10
CVE-2019-14250 Twistlock CVE Low libgcc-8.5.0-22.el8_10
CVE-2018-20657 Twistlock CVE Low libstdc++-8.5.0-22.el8_10
CVE-2018-20657 Twistlock CVE Low libgcc-8.5.0-22.el8_10
CVE-2024-35195 Twistlock CVE Medium python3-pip-wheel-9.0.3-24.el8
CVE-2024-35195 Twistlock CVE Medium python3-requests-2.20.0-3.el8_8

VAT: https://vat.dso.mil/vat/image?imageName=redhat/ubi/ubi8&tag=8.10&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=redhat/ubi/ubi8&tag=8.9&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Al Fontaine
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI