Running with gitlab-runner 13.6.0 (8fa89735)
  on p1-public-apps-runner-gitlab-runner-567cb455cd-927j7 9syAnSNW
Resolving secrets
Preparing the "kubernetes" executor
Using Kubernetes namespace: public-gitlab-runner
Using Kubernetes executor with image aquasec/trivy:0.9.0 ...
Preparing environment
Waiting for pod public-gitlab-runner/runner-9syansnw-project-2327-concurrent-1w42dc to be running, status is Pending
Running on runner-9syansnw-project-2327-concurrent-1w42dc via p1-public-apps-runner-gitlab-runner-567cb455cd-927j7...
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/
Created fresh repository.
Checking out 36d5c881 as kaniko-ib-image...
Skipping Git submodules setup
Executing "step_script" stage of the job script
$ apk add skopeo
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/26) Installing device-mapper-libs (2.02.186-r0)
(2/26) Installing libgpg-error (1.36-r2)
(3/26) Installing libassuan (2.5.3-r0)
(4/26) Installing libffi (3.2.1-r6)
(5/26) Installing libblkid (2.34-r1)
(6/26) Installing libmount (2.34-r1)
(7/26) Installing pcre (8.43-r1)
(8/26) Installing glib (2.62.6-r0)
(9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4)
(10/26) Installing ncurses-libs (6.1_p20200118-r4)
(11/26) Installing libgcrypt (1.8.5-r0)
(12/26) Installing libsecret (0.19.1-r0)
(13/26) Installing pinentry (1.1.0-r2)
Executing pinentry-1.1.0-r2.post-install
(14/26) Installing gmp (6.1.2-r1)
(15/26) Installing nettle (3.5.1-r0)
(16/26) Installing p11-kit (0.23.18.1-r1)
(17/26) Installing libtasn1 (4.15.0-r0)
(18/26) Installing libunistring (0.9.10-r0)
(19/26) Installing gnutls (3.6.15-r1)
(20/26) Installing libksba (1.3.5-r0)
(21/26) Installing libsasl (2.1.27-r5)
(22/26) Installing libldap (2.4.48-r3)
(23/26) Installing npth (1.6-r0)
(24/26) Installing gnupg (2.2.19-r0)
(25/26) Installing gpgme (1.13.1-r1)
(26/26) Installing skopeo (0.1.40-r1)
Executing busybox-1.31.1-r9.trigger
OK: 79 MiB in 64 packages
$ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image
Getting image source signatures
Copying blob sha256:8f403cb21126270e2d1551022b82c77c695ce40c9812795daf7ad77a05c2b9f6
Copying blob sha256:65c0f2178ac8a3c28f48efd26ccf16bd6f344fa88d1aa20efd3a25d5f99587c0
Copying blob sha256:a314834278a2aff880175028f07ed38375fd84b3d9c40b36e3eedb011bd9a253
Copying blob sha256:99b3ecef9a972f27b6407a08f9ddf8dd544cf38f386150073ad4f85fb7d292e4
Copying config sha256:79f2ecc88338d6ee7aedae20bd1b241152db63a7cf253bf9389745d2236c729d
Writing manifest to image destination
Storing signatures
$ trivy --no-progress --input /image
2021-05-13T14:05:56.756Z INFO Need to update DB
2021-05-13T14:05:56.756Z INFO Downloading DB...
2021-05-13T14:05:59.740Z INFO Detecting RHEL/CentOS vulnerabilities...

/image (redhat 8.3)
===================
Total: 117 (UNKNOWN: 0, LOW: 45, MEDIUM: 71, HIGH: 1, CRITICAL: 0)

LIBRARY                | VULNERABILITY ID | SEVERITY | INSTALLED VERSION  | FIXED VERSION | TITLE
-----------------------+------------------+----------+--------------------+---------------+-------------------------------------
bash                   | CVE-2019-18276   | LOW      | 4.4.19-12.el8      |               | bash: when effective UID is not equal to its real UID the...
brotli                 | CVE-2020-8927    | MEDIUM   | 1.0.6-2.el8        |               | brotli: buffer overflow when input chunk is larger than 2GiB
bzip2-libs             | CVE-2019-12900   | LOW      | 1.0.6-26.el8       |               | bzip2: out-of-bounds write in function BZ2_decompress
coreutils-single       | CVE-2017-18018   | MEDIUM   | 8.30-8.el8         |               | coreutils: race condition vulnerability in chown and chgrp
curl                   | CVE-2020-8284    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: FTP PASV command response can cause curl to connect to arbitrary...
curl                   | CVE-2020-8285    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used...
curl                   | CVE-2020-8286    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Inferior OCSP verification
curl                   | CVE-2021-22876   | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Leak of authentication credentials in URL via automatic Referer
curl                   | CVE-2020-8231    | LOW      | 7.61.1-14.el8_3.1  |               | curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
file-libs              | CVE-2019-18218   | MEDIUM   | 5.33-16.el8_3.1    |               | file: heap-based buffer overflow in cdf_read_property_info in cdf.c
file-libs              | CVE-2019-8905    | LOW      | 5.33-16.el8_3.1    |               | file: stack-based buffer over-read in do_core_note in readelf.c
file-libs              | CVE-2019-8906    | LOW      | 5.33-16.el8_3.1    |               | file: out-of-bounds read in do_core_note in readelf.c
glib2                  | CVE-2021-27218   | MEDIUM   | 2.56.4-8.el8       |               | glib: integer overflow in g_byte_array_new_take function when called with a buffer of...
glib2                  | CVE-2021-27219   | MEDIUM   | 2.56.4-8.el8       |               | glib: integer overflow in g_bytes_new function on 64-bit platforms due to an...
glib2                  | CVE-2018-16428   | LOW      | 2.56.4-8.el8       |               | glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c
glib2                  | CVE-2018-16429   | LOW      | 2.56.4-8.el8       |               | glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c
glib2                  | CVE-2019-13012   | LOW      | 2.56.4-8.el8       |               | glib2: insecure permissions for files and directories
glib2                  | CVE-2021-28153   | LOW      | 2.56.4-8.el8       |               | glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink
glibc                  | CVE-2019-1010022 | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: stack guard protection bypass
glibc                  | CVE-2019-25013   | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in...
glibc                  | CVE-2019-9169    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read...
glibc                  | CVE-2021-3326    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
glibc                  | CVE-2016-10228   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv program can hang when invoked with the -c option
glibc                  | CVE-2020-27618   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv when processing invalid multi-byte input sequences fails to advance the...
glibc                  | CVE-2021-27645   | LOW      | 2.28-127.el8_3.2   |               | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
glibc-common           | CVE-2019-1010022 | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: stack guard protection bypass
glibc-common           | CVE-2019-25013   | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in...
glibc-common           | CVE-2019-9169    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read...
glibc-common           | CVE-2021-3326    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
glibc-common           | CVE-2016-10228   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv program can hang when invoked with the -c option
glibc-common           | CVE-2020-27618   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv when processing invalid multi-byte input sequences fails to advance the...
glibc-common           | CVE-2021-27645   | LOW      | 2.28-127.el8_3.2   |               | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
glibc-minimal-langpack | CVE-2019-1010022 | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: stack guard protection bypass
glibc-minimal-langpack | CVE-2019-25013   | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in...
glibc-minimal-langpack | CVE-2019-9169    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read...
glibc-minimal-langpack | CVE-2021-3326    | MEDIUM   | 2.28-127.el8_3.2   |               | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
glibc-minimal-langpack | CVE-2016-10228   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv program can hang when invoked with the -c option
glibc-minimal-langpack | CVE-2020-27618   | LOW      | 2.28-127.el8_3.2   |               | glibc: iconv when processing invalid multi-byte input sequences fails to advance the...
glibc-minimal-langpack | CVE-2021-27645   | LOW      | 2.28-127.el8_3.2   |               | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
gnupg2                 | CVE-2018-1000858 | MEDIUM   | 2.2.20-2.el8       |               | gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure...
gnutls                 | CVE-2021-20231   | MEDIUM   | 3.6.14-8.el8_3     |               | gnutls: Use after free in client key_share extension
gnutls                 | CVE-2021-20232   | MEDIUM   | 3.6.14-8.el8_3     |               | gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c
json-c                 | CVE-2020-12762   | MEDIUM   | 0.13.1-0.2.el8     |               | json-c: integer overflow and out-of-bounds write via a large JSON file
krb5-libs              | CVE-2020-28196   | MEDIUM   | 1.18.2-5.el8       |               | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead...
libarchive             | CVE-2017-14502   | MEDIUM   | 3.3.2-9.el8        |               | libarchive: Off-by-one error in the read_header function
libarchive             | CVE-2020-21674   | MEDIUM   | 3.3.2-9.el8        |               | libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c
libarchive             | CVE-2017-14166   | LOW      | 3.3.2-9.el8        |               | libarchive: Heap-based buffer over-read in the atol8 function
libarchive             | CVE-2017-14501   | LOW      | 3.3.2-9.el8        |               | libarchive: Out-of-bounds read in parse_file_info
libarchive             | CVE-2018-1000879 | LOW      | 3.3.2-9.el8        |               | libarchive: NULL pointer dereference in ACL parser resulting in a denial of...
libarchive             | CVE-2018-1000880 | LOW      | 3.3.2-9.el8        |               | libarchive: Improper input validation in WARC parser resulting in a denial of...
libcurl                | CVE-2020-8284    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: FTP PASV command response can cause curl to connect to arbitrary...
libcurl                | CVE-2020-8285    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used...
libcurl                | CVE-2020-8286    | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Inferior OCSP verification
libcurl                | CVE-2021-22876   | MEDIUM   | 7.61.1-14.el8_3.1  |               | curl: Leak of authentication credentials in URL via automatic Referer
libcurl                | CVE-2020-8231    | LOW      | 7.61.1-14.el8_3.1  |               | curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
libdb                  | CVE-2019-2708    | LOW      | 5.3.28-39.el8      |               | libdb: Denial of service in the Data Store component
libdb-utils            | CVE-2019-2708    | LOW      | 5.3.28-39.el8      |               | libdb: Denial of service in the Data Store component
libdnf                 | CVE-2021-3445    | MEDIUM   | 0.48.0-5.el8       |               | libdnf: libdnf does its own signature verification, but this can be tricked...
libgcc                 | CVE-2018-20673   | MEDIUM   | 8.3.1-5.1.el8      |               | libiberty: Integer overflow in demangle_template() function
libgcc                 | CVE-2018-20657   | LOW      | 8.3.1-5.1.el8      |               | libiberty: Memory leak in demangle_template function resulting in a denial of service...
libgcc                 | CVE-2019-14250   | LOW      | 8.3.1-5.1.el8      |               | binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow
libgcrypt              | CVE-2019-12904   | MEDIUM   | 1.8.5-4.el8        |               | Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload...
libssh                 | CVE-2020-16135   | LOW      | 0.9.4-2.el8        |               | libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
libssh-config          | CVE-2020-16135   | LOW      | 0.9.4-2.el8        |               | libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
libstdc++              | CVE-2018-20673   | MEDIUM   | 8.3.1-5.1.el8      |               | libiberty: Integer overflow in demangle_template() function
libstdc++              | CVE-2018-20657   | LOW      | 8.3.1-5.1.el8      |               | libiberty: Memory leak in demangle_template function resulting in a denial of service...
libstdc++              | CVE-2019-14250   | LOW      | 8.3.1-5.1.el8      |               | binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow
libtasn1               | CVE-2018-1000654 | LOW      | 4.13-3.el8         |               | libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion
libxml2                | CVE-2020-24977   | MEDIUM   | 2.9.7-8.el8        |               | libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c
libxml2                | CVE-2021-3516    | MEDIUM   | 2.9.7-8.el8        |               | libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c
libxml2                | CVE-2021-3517    | MEDIUM   | 2.9.7-8.el8        |               | libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
libxml2                | CVE-2021-3518    | MEDIUM   | 2.9.7-8.el8        |               | libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c
libxml2                | CVE-2021-3537    | MEDIUM   | 2.9.7-8.el8        |               | libxml2: NULL pointer dereference when post-validating mix content parsed in recovery mode...
libzstd                | CVE-2021-24032   | LOW      | 1.4.4-1.el8        |               | zstd: Race condition allows attacker to access world-readable destination file
lua-libs               | CVE-2020-15945   | MEDIUM   | 5.3.4-11.el8       |               | lua: segmentation fault in changedline in ldebug.c
lua-libs               | CVE-2020-24370   | LOW      | 5.3.4-11.el8       |               | lua: segmentation fault in getlocal and setlocal functions in ldebug.c
lz4-libs               | CVE-2019-17543   | MEDIUM   | 1.8.3-2.el8        |               | lz4: heap-based buffer overflow in LZ4_write32
lz4-libs               | CVE-2021-3520    | MEDIUM   | 1.8.3-2.el8        |               | lz4: memory corruption due to an integer overflow bug caused by memmove...
ncurses-base           | CVE-2019-17594   | MEDIUM   | 6.1-7.20180224.el8 |               | ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
ncurses-base           | CVE-2019-17595   | MEDIUM   | 6.1-7.20180224.el8 |               | ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
ncurses-base           | CVE-2018-19211   | LOW      | 6.1-7.20180224.el8 |               | ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c
ncurses-base           | CVE-2018-19217   | LOW      | 6.1-7.20180224.el8 |               | ncurses: Null pointer dereference at function _nc_name_match
ncurses-libs           | CVE-2019-17594   | MEDIUM   | 6.1-7.20180224.el8 |               | ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
ncurses-libs           | CVE-2019-17595   | MEDIUM   | 6.1-7.20180224.el8 |               | ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
ncurses-libs           | CVE-2018-19211   | LOW      | 6.1-7.20180224.el8 |               | ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c
ncurses-libs           | CVE-2018-19217   | LOW      | 6.1-7.20180224.el8 |               | ncurses: Null pointer dereference at function _nc_name_match
openssl-libs           | CVE-2021-23840   | MEDIUM   | 1:1.1.1g-15.el8_3  |               | openssl: integer overflow in CipherUpdate
openssl-libs           | CVE-2021-23841   | MEDIUM   | 1:1.1.1g-15.el8_3  |               | openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
p11-kit                | CVE-2020-29361   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: integer overflow when allocating memory for arrays or attributes and object...
p11-kit                | CVE-2020-29362   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
p11-kit                | CVE-2020-29363   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c
p11-kit-trust          | CVE-2020-29361   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: integer overflow when allocating memory for arrays or attributes and object...
p11-kit-trust          | CVE-2020-29362   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
p11-kit-trust          | CVE-2020-29363   | MEDIUM   | 0.23.14-5.el8_0    |               | p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c
pcre                   | CVE-2019-20838   | LOW      | 8.42-4.el8         |               | pcre: buffer over-read in JIT when UTF is disabled
pcre                   | CVE-2020-14155   | LOW      | 8.42-4.el8         |               | pcre: integer overflow in libpcre
rpm                    | CVE-2021-20271   | MEDIUM   | 4.14.3-4.el8       |               | rpm: Signature checks bypass via corrupted rpm package
rpm                    | CVE-2021-3421    | MEDIUM   | 4.14.3-4.el8       |               | rpm: unsigned signature header leads to string injection into an rpm database...
rpm                    | CVE-2021-20266   | LOW      | 4.14.3-4.el8       |               | rpm: missing length checks in hdrblobInit()
rpm-libs               | CVE-2021-20271   | MEDIUM   | 4.14.3-4.el8       |               | rpm: Signature checks bypass via corrupted rpm package
rpm-libs               | CVE-2021-3421    | MEDIUM   | 4.14.3-4.el8       |               | rpm: unsigned signature header leads to string injection into an rpm database...
rpm-libs               | CVE-2021-20266   | LOW      | 4.14.3-4.el8       |               | rpm: missing length checks in hdrblobInit()
sqlite-libs            | CVE-2019-5827    | HIGH     | 3.26.0-11.el8      |               | chromium-browser: out-of-bounds access in SQLite
sqlite-libs            | CVE-2019-13750   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: dropping of shadow tables not restricted in defensive mode
sqlite-libs            | CVE-2019-13751   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: fts3: improve detection of corrupted records
sqlite-libs            | CVE-2019-19603   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS...
sqlite-libs            | CVE-2019-19645   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: infinite recursion via certain types of self-referential views in conjunction with...
sqlite-libs            | CVE-2019-19880   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: invalid pointer dereference in exprListAppendList in window.c
sqlite-libs            | CVE-2020-13434   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
sqlite-libs            | CVE-2020-13435   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: NULL pointer dereference leads to segmentation fault in sqlite3ExprCodeTarget in expr.c...
sqlite-libs            | CVE-2020-15358   | MEDIUM   | 3.26.0-11.el8      |               | sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization...
sqlite-libs            | CVE-2019-19244   | LOW      | 3.26.0-11.el8      |               | sqlite: allows a crash if a sub-select uses both DISTINCT and window...
sqlite-libs            | CVE-2019-9936    | LOW      | 3.26.0-11.el8      |               | sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c
sqlite-libs            | CVE-2019-9937    | LOW      | 3.26.0-11.el8      |               | sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c
systemd-libs           | CVE-2018-20839   | MEDIUM   | 239-41.el8_3.2     |               | systemd: mishandling of the current keyboard mode check leading to passwords being...
systemd-libs           | CVE-2019-3842    | MEDIUM   | 239-41.el8_3.2     |               | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active"...
systemd-libs           | CVE-2020-13776   | MEDIUM   | 239-41.el8_3.2     |               | systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by...

$ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image
2021-05-13T14:05:59.781Z INFO Detecting RHEL/CentOS vulnerabilities...
$ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans"
This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files and directories
Uploading artifacts as "container_scanning" to coordinator... ok id=3306838 responseStatus=201 Created token=kCgZj-AM
Cleaning up file based variables
Job succeeded