search

aws / aws-for-fluent-bit

The source of the amazon/aws-for-fluent-bit container image
Apache License 2.0
437 stars 130 forks source link

Linux rebuild 2.32.2.20230422 #808

Closed PettitWesley closed 2 months ago

PettitWesley commented 2 months ago 
$ trivy image public.ecr.aws/aws-observability/aws-for-fluent-bit:2.32.2
2024-04-22T16:21:51.351-0700    INFO    Need to update DB
2024-04-22T16:21:51.351-0700    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2024-04-22T16:21:51.351-0700    INFO    Downloading DB...
45.27 MiB / 45.27 MiB [----------------------------------------------------------------------------------------------------------------] 100.00% 8.81 MiB p/s 5.3s
2024-04-22T16:21:57.339-0700    INFO    Vulnerability scanning is enabled
2024-04-22T16:21:57.339-0700    INFO    Secret scanning is enabled
2024-04-22T16:21:57.339-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-22T16:21:57.339-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.38/docs/secret/scanning/#recommendation for faster secret detection
2024-04-22T16:22:09.483-0700    INFO    Detected OS: amazon
2024-04-22T16:22:09.483-0700    INFO    Detecting Amazon Linux vulnerabilities...
2024-04-22T16:22:09.491-0700    INFO    Number of language-specific files: 0

public.ecr.aws/aws-observability/aws-for-fluent-bit:2.32.2 (amazon 2 (Karoo))

Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 1, CRITICAL: 0)

┌────────────┬────────────────┬──────────┬─────────────────────┬─────────────────────┬──────────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability  │ Severity │  Installed Version  │    Fixed Version    │                            Title                             │
├────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ glib2      │ CVE-2020-35457 │ HIGH     │ 2.56.1-9.amzn2.0.7  │ 2.56.1-9.amzn2.0.8  │ GNOME GLib before 2.65.3 has an integer overflow, that might │
│            │                │          │                     │                     │ lead to...                                                   │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2020-35457                   │
├────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ krb5-devel │ CVE-2024-26458 │ MEDIUM   │ 1.15.1-55.amzn2.2.6 │ 1.15.1-55.amzn2.2.7 │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c            │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26458                   │
│            ├────────────────┤          │                     │                     ├──────────────────────────────────────────────────────────────┤
│            │ CVE-2024-26461 │          │                     │                     │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c    │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26461                   │
├────────────┼────────────────┤          │                     │                     ├──────────────────────────────────────────────────────────────┤
│ krb5-libs  │ CVE-2024-26458 │          │                     │                     │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c            │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26458                   │
│            ├────────────────┤          │                     │                     ├──────────────────────────────────────────────────────────────┤
│            │ CVE-2024-26461 │          │                     │                     │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c    │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26461                   │
├────────────┼────────────────┤          │                     │                     ├──────────────────────────────────────────────────────────────┤
│ libkadm5   │ CVE-2024-26458 │          │                     │                     │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c            │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26458                   │
│            ├────────────────┤          │                     │                     ├──────────────────────────────────────────────────────────────┤
│            │ CVE-2024-26461 │          │                     │                     │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c    │
│            │                │          │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-26461                   │
└────────────┴────────────────┴──────────┴─────────────────────┴─────────────────────┴──────────────────────────────────────────────────────────────┘

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.