This repository was archived by the owner on Apr 24, 2023. It is now read-only.
Security patching of fluent bit latest docker image #29
Open
Looks like the latest version of Fluent Bit also has a lot of security vulnerabilities. Is there any action towards patching these?
fluent/fluent-bit:latest (debian 9.11)
======================================
Total: 30 (UNKNOWN: 0, LOW: 2, MEDIUM: 23, HIGH: 5, CRITICAL: 0)
+------------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------+------------------+----------+-------------------+---------------+--------------------------------+
| libc6 | CVE-2018-1000001 | HIGH | 2.24-11+deb9u4 | | glibc: realpath() buffer |
| | | | | | underflow when getcwd() |
| | | | | | returns relative path allows |
| | | | | | privilege escalation... |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2018-6485 | | | | glibc: Integer overflow in |
| | | | | | posix_memalign in memalign |
| | | | | | functions |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2018-6551 | | | | glibc: integer overflow in |
| | | | | | malloc functions |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-9169 | | | | glibc: regular-expression |
| | | | | | match via proceed_next_node |
| | | | | | in posix/regexec.c leads to |
| | | | | | heap-based buffer over-read... |
+ +------------------+----------+ +---------------+--------------------------------+
| | CVE-2009-5155 | MEDIUM | | | glibc: parse_reg_exp in |
| | | | | | posix/regcomp.c misparses |
| | | | | | alternatives leading to denial |
| | | | | | of service or... |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2010-4051 | | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2015-8985 | | | | glibc: potential denial of |
| | | | | | service in pop_fail_stack() |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2016-10739 | | | | glibc: getaddrinfo should |
| | | | | | reject IP addresses with |
| | | | | | trailing characters |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2017-12132 | | | | glibc: Fragmentation attacks |
| | | | | | possible when EDNS0 is enabled |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-6488 | | | | glibc: Incorrect attempt to |
| | | | | | use a 64-bit register for |
| | | | | | size_t in assembly... |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +------------------+----------+ +---------------+--------------------------------+
| | CVE-2019-19126 | LOW | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-7309 | | | | glibc: memcmp function |
| | | | | | incorrectly returns zero |
+------------+------------------+----------+-------------------+---------------+--------------------------------+
| libgcc1 | CVE-2018-12886 | MEDIUM | 6.3.0-18+deb9u1 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+------------+ + + +---------------+ +
| libgomp1 | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+------------+------------------+ +-------------------+---------------+--------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.0l-1~deb9u1 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+------------+------------------+ +-------------------+---------------+--------------------------------+
| libstdc++6 | CVE-2018-12886 | | 6.3.0-18+deb9u1 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+------------+------------------+ +-------------------+---------------+--------------------------------+
| openssl | CVE-2007-6755 | | 1.1.0l-1~deb9u1 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +------------------+ + +---------------+--------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+------------+------------------+----------+-------------------+---------------+--------------------------------+