Docker centos:centos7.9.2009

Vulnerabilities

15 via 15 paths

Dependencies

148

Source

Group 6 Copy Created with Sketch. Docker

Target OS

centos:7
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 4
  • 11
Status
  • 15
  • 0
  • 0

high severity

RHSA-2021:0671

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-26.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.4

Detailed paths

  • Introduced through: centos:centos7.9.2009@* bind-license@32:9.11.4-26.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.4 or higher.

References

high severity

RHSA-2021:1469

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-26.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.5

Detailed paths

  • Introduced through: centos:centos7.9.2009@* bind-license@32:9.11.4-26.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.5 or higher.

References

high severity

RHSA-2021:2147

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-7.el7
  • Fixed in: 0:2.56.1-9.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* glib2@2.56.1-7.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See Remediation section below for Centos:7 relevant versions.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 glib2 to version 0:2.56.1-9.el7_9 or higher.

References

high severity

RHSA-2020:5566

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-19.el7
  • Fixed in: 1:1.0.2k-21.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* openssl-libs@1:1.0.2k-19.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See Remediation section below for Centos:7 relevant versions.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 openssl-libs to version 1:1.0.2k-21.el7_9 or higher.

References

medium severity

RHSA-2020:5011

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-26.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.2

Detailed paths

  • Introduced through: centos:centos7.9.2009@* bind-license@32:9.11.4-26.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) * bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623) * bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7] (BZ#1884530)

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.2 or higher.

References

medium severity

RHSA-2020:5002

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-59.el7
  • Fixed in: 0:7.29.0-59.el7_9.1

Detailed paths

  • Introduced through: centos:centos7.9.2009@* curl@7.29.0-59.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 curl to version 0:7.29.0-59.el7_9.1 or higher.

References

medium severity

RHSA-2021:0348

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-317.el7
  • Fixed in: 0:2.17-322.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* glibc@2.17-317.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013) * glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029) * glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162) * glibc: Performance regression in ebizzy benchmark (BZ#1889977)

Remediation

Upgrade Centos:7 glibc to version 0:2.17-322.el7_9 or higher.

References

medium severity

RHSA-2021:0348

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-317.el7
  • Fixed in: 0:2.17-322.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* glibc-common@2.17-317.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013) * glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029) * glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162) * glibc: Performance regression in ebizzy benchmark (BZ#1889977)

Remediation

Upgrade Centos:7 glibc-common to version 0:2.17-322.el7_9 or higher.

References

medium severity

RHSA-2020:5002

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-59.el7
  • Fixed in: 0:7.29.0-59.el7_9.1

Detailed paths

  • Introduced through: centos:centos7.9.2009@* libcurl@7.29.0-59.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 libcurl to version 0:7.29.0-59.el7_9.1 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss
  • Introduced through: nss@3.53.1-3.el7_9
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* nss@3.53.1-3.el7_9

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.53.1-3.el7_9
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* nss-sysinit@3.53.1-3.el7_9

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-sysinit package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss-sysinit to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.53.1-3.el7_9
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* nss-tools@3.53.1-3.el7_9

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-tools package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss-tools to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2021:1389

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-22.el7
  • Fixed in: 0:2.4.44-23.el7_9

Detailed paths

  • Introduced through: centos:centos7.9.2009@* openldap@2.4.44-22.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Centos:7 relevant versions.

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fix(es): * openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 openldap to version 0:2.4.44-23.el7_9 or higher.

References

medium severity

RHSA-2020:5009

  • Vulnerable module: python
  • Introduced through: python@2.7.5-89.el7
  • Fixed in: 0:2.7.5-90.el7

Detailed paths

  • Introduced through: centos:centos7.9.2009@* python@2.7.5-89.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python package. See Remediation section below for Centos:7 relevant versions.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 python to version 0:2.7.5-90.el7 or higher.

References

medium severity

RHSA-2020:5009

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-89.el7
  • Fixed in: 0:2.7.5-90.el7

Detailed paths

  • Introduced through: centos:centos7.9.2009@* python-libs@2.7.5-89.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python-libs package. See Remediation section below for Centos:7 relevant versions.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 python-libs to version 0:2.7.5-90.el7 or higher.

References