UNCLASSIFIED - NO CUI

chore(findings): redhat/ubi/ubi9

Summary

redhat/ubi/ubi9 has 79 new findings discovered during continuous monitoring.

id source severity package
CVE-2024-33601 Anchore CVE Low glibc-common-2.34-100.el9
CVE-2024-2511 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-0450 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2023-6597 Anchore CVE High python3-libs-3.9.18-3.el9
CVE-2024-2961 Anchore CVE High glibc-common-2.34-100.el9
CVE-2024-33599 Anchore CVE High glibc-minimal-langpack-2.34-100.el9
CVE-2024-33599 Anchore CVE High glibc-2.34-100.el9
CVE-2023-6597 Anchore CVE High python3-3.9.18-3.el9
CVE-2024-33599 Anchore CVE High glibc-common-2.34-100.el9
CVE-2024-33601 Anchore CVE Low glibc-2.34-100.el9
CVE-2024-33602 Anchore CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2024-33600 Anchore CVE Medium glibc-minimal-langpack-2.34-100.el9
CVE-2024-0450 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2024-2961 Anchore CVE High glibc-2.34-100.el9
CVE-2024-33600 Anchore CVE Medium glibc-2.34-100.el9
CVE-2024-2511 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-33602 Anchore CVE Low glibc-common-2.34-100.el9
CVE-2024-33600 Anchore CVE Medium glibc-common-2.34-100.el9
CVE-2024-2961 Anchore CVE High glibc-minimal-langpack-2.34-100.el9
CVE-2024-33602 Anchore CVE Low glibc-2.34-100.el9
CVE-2024-33601 Anchore CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2022-29458 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2022-27943 Anchore CVE Low libstdc++-11.4.1-3.el9
CVE-2022-27943 Anchore CVE Low libgomp-11.4.1-3.el9
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.34.1-7.el9_3
CVE-2022-33070 Anchore CVE Low protobuf-c-1.3.3-13.el9
CVE-2024-25260 Anchore CVE Low elfutils-libs-0.190-2.el9
CVE-2005-2541 Anchore CVE Medium tar-2:1.34-6.el9_1
CVE-2022-27943 Anchore CVE Low libgcc-11.4.1-3.el9
CVE-2022-3606 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2022-3219 Anchore CVE Low gnupg2-2.3.3-4.el9
CVE-2022-41409 Anchore CVE Low pcre2-10.40-5.el9
CVE-2022-41409 Anchore CVE Low pcre2-syntax-10.40-5.el9
CVE-2024-25260 Anchore CVE Low elfutils-libelf-0.190-2.el9
CVE-2023-36632 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2023-39804 Anchore CVE Low tar-2:1.34-6.el9_1
CVE-2021-45940 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2023-50495 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2023-36632 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2023-50495 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2024-25260 Anchore CVE Low elfutils-default-yama-scope-0.190-2.el9
CVE-2021-45941 Anchore CVE Medium libbpf-2:1.3.0-2.el9
CVE-2022-29458 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2023-45803 Anchore CVE Medium python3-pip-wheel-21.2.3-8.el9
CVE-2024-2961 Twistlock CVE Critical glibc-minimal-langpack-2.34-100.el9
CVE-2024-2961 Twistlock CVE Critical glibc-common-2.34-100.el9
CVE-2024-2961 Twistlock CVE Critical glibc-2.34-100.el9
CVE-2023-6597 Twistlock CVE Critical python3-3.9.18-3.el9
CVE-2023-6597 Twistlock CVE Critical python3-libs-3.9.18-3.el9
CVE-2024-33599 Twistlock CVE Critical glibc-common-2.34-100.el9
CVE-2024-33599 Twistlock CVE Critical glibc-2.34-100.el9
CVE-2024-33599 Twistlock CVE Critical glibc-minimal-langpack-2.34-100.el9
CVE-2024-0450 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2024-0450 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2021-23336 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2021-23336 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2021-3997 Twistlock CVE Medium systemd-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-rpm-macros-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-libs-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-pam-252-32.el9_4
CVE-2024-33600 Twistlock CVE Medium glibc-2.34-100.el9
CVE-2024-33600 Twistlock CVE Medium glibc-common-2.34-100.el9
CVE-2024-33600 Twistlock CVE Medium glibc-minimal-langpack-2.34-100.el9
CVE-2022-0391 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2022-0391 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2023-45803 Twistlock CVE Medium python3-pip-wheel-21.2.3-8.el9
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-3.2.2-2.el9
CVE-2022-47011 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47010 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47007 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2021-3572 Twistlock CVE Low python3-pip-wheel-21.2.3-8.el9
CVE-2024-33602 Twistlock CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2024-33602 Twistlock CVE Low glibc-2.34-100.el9
CVE-2024-33602 Twistlock CVE Low glibc-common-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-common-2.34-100.el9
CVE-2024-2511 Twistlock CVE Low openssl-3.0.7-27.el9
CVE-2024-2511 Twistlock CVE Low openssl-libs-3.0.7-27.el9

VAT: https://vat.dso.mil/vat/image?imageName=redhat/ubi/ubi9&tag=9.4&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=redhat/ubi/ubi9&tag=9.3&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI