IBM / portieris

A Kubernetes Admission Controller for verifying image trust.
Apache License 2.0

Two new Security vulnerabilities found in icr.io/portieris/portieris:v0.13.3 image #430

Closed Sachpat closed 1 year ago

Sachpat commented 1 year ago

Hi,

Our security scans (Whitesource/Mend) found two Critical & High vulnerabilities for Portieris v0.13.3 image. Please confirm if these Vulnerabilities are True Positives; if yes, can you address them in the next release?

Component glibc (2.28):

- (CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2023-0687
- (CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2019-1010022

Kind regards, Sachin

sjhx commented 1 year ago

Hi Sachin, thanks for the report. Having looked at the NVD refs, I doubt that these are exploitable in our case. I also note that there is no update from our vendor (RedHat); the current image has the latest glibc from them. Our build process will pick up the latest glibc when we release, so the answer to your second question is yes, subject to there being a new glibc available at the time.

I'll close your issue for now but feel free to follow up.