Docker centos:latest

Vulnerabilities: 43 via 43 paths

Dependencies: 172

Source: Docker

Target OS: centos:8

Severity: 14 high, 26 medium, 3 low

Status: 43 open, 0 patched, 0 ignored

high severity

RHSA-2021:0670

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.20-5.el8
  • Fixed in: 32:9.11.20-5.el8_3.1

Detailed paths

  • Introduced through: centos:latest@* bind-export-libs@32:9.11.20-5.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See Remediation section below for Centos:8 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.20-5.el8_3.1 or higher.

References

high severity

RHSA-2021:1989

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.20-5.el8
  • Fixed in: 32:9.11.26-4.el8_4

Detailed paths

  • Introduced through: centos:latest@* bind-export-libs@32:9.11.20-5.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See Remediation section below for Centos:8 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.26-4.el8_4 or higher.

References

high severity

RHSA-2021:2359

  • Vulnerable module: dhcp-client
  • Introduced through: dhcp-client@12:4.3.6-41.el8
  • Fixed in: 12:4.3.6-44.el8_4.1

Detailed paths

  • Introduced through: centos:latest@* dhcp-client@12:4.3.6-41.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-client package. See Remediation section below for Centos:8 relevant versions.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 dhcp-client to version 12:4.3.6-44.el8_4.1 or higher.

References

high severity

RHSA-2021:2359

  • Vulnerable module: dhcp-common
  • Introduced through: dhcp-common@12:4.3.6-41.el8
  • Fixed in: 12:4.3.6-44.el8_4.1

Detailed paths

  • Introduced through: centos:latest@* dhcp-common@12:4.3.6-41.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-common package. See Remediation section below for Centos:8 relevant versions.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 dhcp-common to version 12:4.3.6-44.el8_4.1 or higher.

References

high severity

RHSA-2021:2359

  • Vulnerable module: dhcp-libs
  • Introduced through: dhcp-libs@12:4.3.6-41.el8
  • Fixed in: 12:4.3.6-44.el8_4.1

Detailed paths

  • Introduced through: centos:latest@* dhcp-libs@12:4.3.6-41.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-libs package. See Remediation section below for Centos:8 relevant versions.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 dhcp-libs to version 12:4.3.6-44.el8_4.1 or higher.

References

high severity

RHSA-2021:2170

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.4-8.el8
  • Fixed in: 0:2.56.4-10.el8_4

Detailed paths

  • Introduced through: centos:latest@* glib2@2.56.4-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See Remediation section below for Centos:8 relevant versions.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Refcounting issue causes crashes and slow workarounds (BZ#1953553)

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-10.el8_4 or higher.

References

high severity

RHSA-2021:1206

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-6.el8
  • Fixed in: 0:3.6.14-8.el8_3

Detailed paths

  • Introduced through: centos:latest@* gnutls@3.6.14-6.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls package. See Remediation section below for Centos:8 relevant versions.

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.14-8.el8_3 or higher.

References

high severity

RHSA-2021:1206

  • Vulnerable module: nettle
  • Introduced through: nettle@3.4.1-2.el8
  • Fixed in: 0:3.4.1-4.el8_3

Detailed paths

  • Introduced through: centos:latest@* nettle@3.4.1-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream nettle package. See Remediation section below for Centos:8 relevant versions.

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 nettle to version 0:3.4.1-4.el8_3 or higher.

References

high severity

RHSA-2020:5476

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-11.el8
  • Fixed in: 1:1.1.1g-12.el8_3

Detailed paths

  • Introduced through: centos:latest@* openssl-libs@1:1.1.1g-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See Remediation section below for Centos:8 relevant versions.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):
  • openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
  • Reject certificates with explicit EC parameters in strict mode (BZ#1891541)
  • Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1g-12.el8_3 or higher.

References

high severity

RHSA-2021:1024

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-11.el8
  • Fixed in: 1:1.1.1g-15.el8_3

Detailed paths

  • Introduced through: centos:latest@* openssl-libs@1:1.1.1g-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See Remediation section below for Centos:8 relevant versions.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):
  • openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
  • openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1g-15.el8_3 or higher.

References

high severity (new)

RHSA-2021:2717

  • Vulnerable module: systemd
  • Introduced through: systemd@239-41.el8_3
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos:latest@* systemd@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 systemd to version 0:239-45.el8_4.2 or higher.

References

high severity (new)

RHSA-2021:2717

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-41.el8_3
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos:latest@* systemd-libs@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-45.el8_4.2 or higher.

References

high severity (new)

RHSA-2021:2717

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-41.el8_3
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos:latest@* systemd-pam@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-45.el8_4.2 or higher.

References

high severity (new)

RHSA-2021:2717

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-41.el8_3
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos:latest@* systemd-udev@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-45.el8_4.2 or higher.

References

medium severity

RHSA-2021:1582

  • Vulnerable module: cpio
  • Introduced through: cpio@2.12-8.el8
  • Fixed in: 0:2.12-10.el8

Detailed paths

  • Introduced through: centos:latest@* cpio@2.12-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream cpio package. See Remediation section below for Centos:8 relevant versions.

The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix(es): * cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2019-14866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 cpio to version 0:2.12-10.el8 or higher.

References

medium severity

RHSA-2021:1610

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-14.el8
  • Fixed in: 0:7.61.1-18.el8

Detailed paths

  • Introduced through: centos:latest@* curl@7.61.1-14.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Centos:8 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):
  • curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
  • curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
  • curl: Inferior OCSP verification (CVE-2020-8286)
  • curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-18.el8 or higher.

References

medium severity

RHSA-2021:1586

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.4-8.el8
  • Fixed in: 0:2.56.4-9.el8

Detailed paths

  • Introduced through: centos:latest@* glib2@2.56.4-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See Remediation section below for Centos:8 relevant versions.

GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)

Security Fix(es):
  • webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)
  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)
  • webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)
  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)
  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)
  • glib2: insecure permissions for files and directories (CVE-2019-13012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-9.el8 or higher.

References

medium severity

RHSA-2021:1585

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-127.el8
  • Fixed in: 0:2.28-151.el8

Detailed paths

  • Introduced through: centos:latest@* glibc@2.28-127.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See Remediation section below for Centos:8 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)
  • glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)
  • glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)
  • glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)
  • glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-151.el8 or higher.

References

medium severity

RHSA-2021:1585

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-127.el8
  • Fixed in: 0:2.28-151.el8

Detailed paths

  • Introduced through: centos:latest@* glibc-common@2.28-127.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See Remediation section below for Centos:8 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)
  • glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)
  • glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)
  • glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)
  • glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-151.el8 or higher.

References

medium severity

RHSA-2021:1585

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-127.el8
  • Fixed in: 0:2.28-151.el8

Detailed paths

  • Introduced through: centos:latest@* glibc-minimal-langpack@2.28-127.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See Remediation section below for Centos:8 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)
  • glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)
  • glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)
  • glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)
  • glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-151.el8 or higher.

References

medium severity

RHSA-2020:5483

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-6.el8
  • Fixed in: 0:3.6.14-7.el8_3

Detailed paths

  • Introduced through: centos:latest@* gnutls@3.6.14-6.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls package. See Remediation section below for Centos:8 relevant versions.

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.14-7.el8_3 or higher.

References

medium severity

RHSA-2021:1593

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.18.2-5.el8
  • Fixed in: 0:1.18.2-8.el8

Detailed paths

  • Introduced through: centos:latest@* krb5-libs@1.18.2-5.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5-libs package. See Remediation section below for Centos:8 relevant versions.

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es): * krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS (CVE-2020-28196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-8.el8 or higher.

References

medium severity

RHEA-2021:1580

  • Vulnerable module: libarchive
  • Introduced through: libarchive@3.3.2-9.el8
  • Fixed in: 0:3.3.3-1.el8

Detailed paths

  • Introduced through: centos:latest@* libarchive@3.3.2-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libarchive package. See Remediation section below for Centos:8 relevant versions.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 libarchive to version 0:3.3.3-1.el8 or higher.

References

medium severity

RHSA-2021:1610

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-14.el8
  • Fixed in: 0:7.61.1-18.el8

Detailed paths

  • Introduced through: centos:latest@* libcurl-minimal@7.61.1-14.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See Remediation section below for Centos:8 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):
  • curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
  • curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
  • curl: Inferior OCSP verification (CVE-2020-8286)
  • curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-18.el8 or higher.

References

medium severity

RHSA-2021:1597

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-8.el8
  • Fixed in: 0:2.9.7-9.el8

Detailed paths

  • Introduced through: centos:latest@* libxml2@2.9.7-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See Remediation section below for Centos:8 relevant versions.

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c (CVE-2020-24977) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8 or higher.

References

medium severity

RHSA-2021:2569

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-8.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos:latest@* libxml2@2.9.7-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See Remediation section below for Centos:8 relevant versions.

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

  • libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
  • libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
  • libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
  • libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
  • libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

References

medium severity

RHSA-2021:2575

  • Vulnerable module: lz4-libs
  • Introduced through: lz4-libs@1.8.3-2.el8
  • Fixed in: 0:1.8.3-3.el8_4

Detailed paths

  • Introduced through: centos:latest@* lz4-libs@1.8.3-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream lz4-libs package. See Remediation section below for Centos:8 relevant versions.

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems.

Security Fix(es):

  • lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 lz4-libs to version 0:1.8.3-3.el8_4 or higher.

References

medium severity

RHSA-2021:1609

  • Vulnerable module: p11-kit
  • Introduced through: p11-kit@0.23.14-5.el8_0
  • Fixed in: 0:0.23.22-1.el8

Detailed paths

  • Introduced through: centos:latest@* p11-kit@0.23.14-5.el8_0

NVD Description

Note: Versions mentioned in the description apply to the upstream p11-kit package. See Remediation section below for Centos:8 relevant versions.

The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.

The following packages have been upgraded to a later upstream version: p11-kit (0.23.22). (BZ#1887853)

Security Fix(es):

  • p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers (CVE-2020-29361)
  • p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c (CVE-2020-29362)
  • p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c (CVE-2020-29363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 p11-kit to version 0:0.23.22-1.el8 or higher.

References

medium severity

RHSA-2021:1609

  • Vulnerable module: p11-kit-trust
  • Introduced through: p11-kit-trust@0.23.14-5.el8_0
  • Fixed in: 0:0.23.22-1.el8

Detailed paths

  • Introduced through: centos:latest@* p11-kit-trust@0.23.14-5.el8_0

NVD Description

Note: Versions mentioned in the description apply to the upstream p11-kit-trust package. See Remediation section below for Centos:8 relevant versions.

The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.

The following packages have been upgraded to a later upstream version: p11-kit (0.23.22). (BZ#1887853)

Security Fix(es):

  • p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers (CVE-2020-29361)
  • p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c (CVE-2020-29362)
  • p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c (CVE-2020-29363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 p11-kit-trust to version 0:0.23.22-1.el8 or higher.

References

medium severity

RHSA-2021:1633

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-31.el8
  • Fixed in: 0:3.6.8-37.el8

Detailed paths

  • Introduced through: centos:latest@* platform-python@3.6.8-31.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See Remediation section below for Centos:8 relevant versions.

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)
  • python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
  • python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
  • python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-37.el8 or higher.

References

medium severity

RHSA-2021:1633

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-31.el8
  • Fixed in: 0:3.6.8-37.el8

Detailed paths

  • Introduced through: centos:latest@* python3-libs@3.6.8-31.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package. See Remediation section below for Centos:8 relevant versions.

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)
  • python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
  • python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
  • python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-37.el8 or higher.

References

medium severity

RHSA-2021:2574

  • Vulnerable module: python3-rpm
  • Introduced through: python3-rpm@4.14.3-4.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos:latest@* python3-rpm@4.14.3-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-rpm package. See Remediation section below for Centos:8 relevant versions.

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 python3-rpm to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

RHSA-2021:2574

  • Vulnerable module: rpm
  • Introduced through: rpm@4.14.3-4.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos:latest@* rpm@4.14.3-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package. See Remediation section below for Centos:8 relevant versions.

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 rpm to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

RHSA-2021:2574

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.14.3-4.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos:latest@* rpm-build-libs@4.14.3-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package. See Remediation section below for Centos:8 relevant versions.

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 rpm-build-libs to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

RHSA-2021:2574

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.14.3-4.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos:latest@* rpm-libs@4.14.3-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package. See Remediation section below for Centos:8 relevant versions.

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:8 rpm-libs to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

RHSA-2021:1581

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-11.el8
  • Fixed in: 0:3.26.0-13.el8

Detailed paths

  • Introduced through: centos:latest@* sqlite-libs@3.26.0-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See Remediation section below for Centos:8 relevant versions.

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

  • sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)
  • sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-13.el8 or higher.

References

medium severity

RHSA-2021:1611

  • Vulnerable module: systemd
  • Introduced through: systemd@239-41.el8_3
  • Fixed in: 0:239-45.el8

Detailed paths

  • Introduced through: centos:latest@* systemd@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
  • systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 systemd to version 0:239-45.el8 or higher.

References

medium severity

RHSA-2021:1611

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-41.el8_3
  • Fixed in: 0:239-45.el8

Detailed paths

  • Introduced through: centos:latest@* systemd-libs@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
  • systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-45.el8 or higher.

References

medium severity

RHSA-2021:1611

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-41.el8_3
  • Fixed in: 0:239-45.el8

Detailed paths

  • Introduced through: centos:latest@* systemd-pam@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
  • systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-45.el8 or higher.

References

medium severity

RHSA-2021:1611

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-41.el8_3
  • Fixed in: 0:239-45.el8

Detailed paths

  • Introduced through: centos:latest@* systemd-udev@239-41.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package. See Remediation section below for Centos:8 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
  • systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-45.el8 or higher.

References

low severity

RHSA-2021:1679

  • Vulnerable module: bash
  • Introduced through: bash@4.4.19-12.el8
  • Fixed in: 0:4.4.19-14.el8

Detailed paths

  • Introduced through: centos:latest@* bash@4.4.19-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bash package. See Remediation section below for Centos:8 relevant versions.

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

  • bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 bash to version 0:4.4.19-14.el8 or higher.

References

low severity

RHSA-2021:1675

  • Vulnerable module: libdb
  • Introduced through: libdb@5.3.28-39.el8
  • Fixed in: 0:5.3.28-40.el8

Detailed paths

  • Introduced through: centos:latest@* libdb@5.3.28-39.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libdb package. See Remediation section below for Centos:8 relevant versions.

The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications.

Security Fix(es):

  • libdb: Denial of service in the Data Store component (CVE-2019-2708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 libdb to version 0:5.3.28-40.el8 or higher.

References

low severity

RHSA-2021:1675

  • Vulnerable module: libdb-utils
  • Introduced through: libdb-utils@5.3.28-39.el8
  • Fixed in: 0:5.3.28-40.el8

Detailed paths

  • Introduced through: centos:latest@* libdb-utils@5.3.28-39.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libdb-utils package. See Remediation section below for Centos:8 relevant versions.

The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications.

Security Fix(es):

  • libdb: Denial of service in the Data Store component (CVE-2019-2708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Remediation

Upgrade Centos:8 libdb-utils to version 0:5.3.28-40.el8 or higher.

References