Docker centos:latest

Vulnerabilities

3 via 3 paths

Dependencies

172

Source

Docker

Target OS

centos:8
Severity
  • 2
  • 1
Status
  • 3
  • 0
  • 0

high severity
new

RHSA-2021:0670

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.20-5.el8
  • Fixed in: 32:9.11.20-5.el8_3.1

Detailed paths

  • Introduced through: centos:latest@* bind-export-libs@32:9.11.20-5.el8

Overview

Affected versions of this package are vulnerable to RHSA-2021:0670. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

  • bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-export-libs to version 32:9.11.20-5.el8_3.1 (the "Fixed in" version listed above) or higher.

References

high severity

RHSA-2020:5476

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-11.el8
  • Fixed in: 1:1.1.1g-12.el8_3

Detailed paths

  • Introduced through: centos:latest@* openssl-libs@1:1.1.1g-11.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:5476. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Reject certificates with explicit EC parameters in strict mode (BZ#1891541)
  • Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

Remediation

Upgrade openssl-libs to version 1:1.1.1g-12.el8_3 (the "Fixed in" version listed above) or higher.

References

medium severity

RHSA-2020:5483

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-6.el8
  • Fixed in: 0:3.6.14-7.el8_3

Detailed paths

  • Introduced through: centos:latest@* gnutls@3.6.14-6.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:5483. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

  • gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)

Remediation

Upgrade gnutls to version 0:3.6.14-7.el8_3 (the "Fixed in" version listed above) or higher.

References