
OracleLinux:7 image having high vulnerabilities with openssl-libs as per Snyk #51

Closed
manojkumarbardhan opened this issue Nov 22, 2022 · 1 comment

Comments

@manojkumarbardhan

manojkumarbardhan commented Nov 22, 2022

I'm using oraclelinux:7 as my base image, but still, it has a few high vulnerabilities. Could you please suggest how to get the updated openssl-libs with oraclelinux:7? Or where can we download the openssl-libs library with the patch?

✗ Medium severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2602940
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-23.ksplice1.el7_9

✗ Medium severity vulnerability found in openssl-libs
Description: ELSA-2017-3518
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606539
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-60.ksplice1.el7_3.1

✗ Medium severity vulnerability found in openssl-libs
Description: ELSA-2019-4754
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606752
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-19.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: Cryptographic Issues
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505233
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505373
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505618
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505658
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Numeric Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507388
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507411
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507587
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507608
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508032
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508213
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Numeric Errors
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508299
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2509593
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510037
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510043
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510123
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510229
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2588958
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2590607
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2605530
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 10:1.0.2k-25.el7_9_fips

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2016-3523
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606481
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.4

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4077
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606565
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-12.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4267
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606614
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2018-4253
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606634
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-12.0.3.ksplice1.el7

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2019-4581
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606653
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7_6.1

✗ High severity vulnerability found in openssl-libs
Description: ELSA-2019-4581
Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606653
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
From: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7_6.1

Package manager: rpm
Platform: linux/amd64
Base image: oraclelinux:7.9

Thanks
Manoj

@tvierling
Member

tvierling commented Dec 23, 2022

This is a bug in your security scanner which needs to be taught that certain packages have multiple flavors. These are false positive findings.

For an explanation of this issue, see where I documented this for the Trivy scanner project: aquasecurity/trivy#1967 (comment)
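One way to triage findings like the ones above, as an added example that is not part of this issue or of the project: the installed openssl-libs (epoch 1) is compared against "Fixed in" versions that carry a different RPM epoch (2: for the ksplice builds, 10: for the fips build) plus a marker in the release string. A plain EVR comparison lets the higher epoch win and reports the package as vulnerable; checking the flavor first separates the streams. The flavor markers and the simplified rpmvercmp are assumptions of this example.

```python
import re
# Constructed sample, shaped like two of the Snyk findings above (other lines trimmed).
SAMPLE = """\
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5
Introduced through: openssl-libs@1:1.0.2k-25.el7_9
Fixed in: 10:1.0.2k-25.el7_9_fips
"""
# Assumption: these release-string markers identify Oracle's separately versioned streams.
FLAVOR_MARKERS = ("ksplice", "fips")

def parse_evr(evr):
    """Split 'epoch:version-release' into (int epoch, version, release); epoch defaults to 0."""
    e, v, r = re.fullmatch(r"(?:(\d+):)?([^-]+)-(.+)", evr).groups()
    return int(e or 0), v, r

def rpmvercmp(a, b):
    """Simplified rpm segment compare: digits numerically, letters lexically, digits beat letters."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        x, y = (int(x), int(y)) if x.isdigit() else (x, y)
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Full EVR compare: the epoch decides first, before version or release is even looked at."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def flavor(evr):
    rel = parse_evr(evr)[2]  # the stream is named by its release string, e.g. "...ksplice1..."
    return next((m for m in FLAVOR_MARKERS if m in rel), "base")

def triage(installed, fixed_in):
    """Return (naive verdict, flavor-aware verdict) for one scanner finding."""
    naive = "vulnerable" if evr_cmp(installed, fixed_in) < 0 else "fixed"
    if flavor(installed) != flavor(fixed_in):
        return naive, "false positive: fix lives in the %s stream" % flavor(fixed_in)
    return naive, naive

def triage_report(text):
    """Pull each 'Introduced through'/'Fixed in' pair out of scanner output and triage it."""
    pairs = re.findall(r"Introduced through: \S+@(\S+)\s+Fixed in: (\S+)", text)
    return [(inst, fix) + triage(inst, fix) for inst, fix in pairs]
```

Running `triage_report(SAMPLE)` marks both constructed findings "vulnerable" under the naive comparison and "false positive" once the ksplice and fips streams are recognised.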
