MariaDB / mariadb-docker

Docker Official Image packaging for MariaDB
https://mariadb.org
GNU General Public License v2.0

[Security] Image needs packages update to mitigate current CVEs #400

Closed francomile closed 2 years ago

francomile commented 2 years ago

Current Docker images have several vulnerabilities. Can you please mitigate these vulnerabilities by updating the image packages?

These CVEs affect mysql-8.0/libmysqlclient21 and sqlite3/libsqlite3-0. Some examples of the vulnerabilities found:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794

Thanks in advance

yosifkit commented 2 years ago

You may want to address at least the last one as a failure (false positive) in your security scanner:

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

grooverdan commented 2 years ago

Yes, releases are coming.