Docker centos:latest
| Vulnerabilities | 3 via 3 paths |
|---|---|
| Dependencies | 172 |
| Source | Docker |
| Target OS | centos:8 |
high severity
new
- Vulnerable module: bind-export-libs
- Introduced through: bind-export-libs@32:9.11.20-5.el8
- Fixed in: 32:9.11.20-5.el8_3.1
Detailed paths
- Introduced through: centos:latest@* › bind-export-libs@32:9.11.20-5.el8
Overview
Affected versions of this package are vulnerable to RHSA-2021:0670. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Remediation
Upgrade bind-export-libs to version 32:9.11.20-5.el8_3.1 or higher.
References
high severity
- Vulnerable module: openssl-libs
- Introduced through: openssl-libs@1:1.1.1g-11.el8
- Fixed in: 1:1.1.1g-12.el8_3
Detailed paths
- Introduced through: centos:latest@* › openssl-libs@1:1.1.1g-11.el8
Overview
Affected versions of this package are vulnerable to RHSA-2020:5476. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Reject certificates with explicit EC parameters in strict mode (BZ#1891541)
- Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)
Remediation
Upgrade openssl-libs to version 1:1.1.1g-12.el8_3 or higher.
References
medium severity
- Vulnerable module: gnutls
- Introduced through: gnutls@3.6.14-6.el8
- Fixed in: 0:3.6.14-7.el8_3
Detailed paths
- Introduced through: centos:latest@* › gnutls@3.6.14-6.el8
Overview
Affected versions of this package are vulnerable to RHSA-2020:5483. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
- gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)
Remediation
Upgrade gnutls to version 0:3.6.14-7.el8_3 or higher.