docker-library / openjdk

Docker Official Image packaging for EA builds of OpenJDK from Oracle
http://openjdk.java.net
MIT License

CVE-2020-29362 detected by Trivy scanner as critical #447

Closed pablocoberly closed 3 years ago

pablocoberly commented 3 years ago

Hi,

Trivy has alerted us about a critical vulnerability: CVE-2020-29362 in openjdk:11.0.9.1-jre-slim-buster

See https://nvd.nist.gov/vuln/detail/CVE-2020-29362 and https://security-tracker.debian.org/tracker/CVE-2020-29362.

```
+-----------------+------------------+----------+-------------------+-------------------+---------------------------------------+
|     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |   FIXED VERSION   |                 TITLE                 |
+-----------------+------------------+----------+-------------------+-------------------+---------------------------------------+
| libp11-kit0     | CVE-2020-29362   | CRITICAL | 0.23.15-2         | 0.23.15-2+deb10u1 | p11-kit: out-of-bounds read in        |
|                 |                  |          |                   |                   | p11_rpc_buffer_get_byte_array         |
|                 |                  |          |                   |                   | function in rpc-message.c             |
|                 |                  |          |                   |                   | -->avd.aquasec.com/nvd/cve-2020-29362 |
+-----------------+                  +          +                   +                   +                                       +
| p11-kit         |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
+-----------------+                  +          +                   +                   +                                       +
| p11-kit-modules |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
|                 |                  |          |                   |                   |                                       |
+-----------------+------------------+----------+-------------------+-------------------+---------------------------------------+
```

tianon commented 3 years ago

This is really https://github.com/debuerreotype/docker-debian-artifacts/issues/111, so I'm closing in favor of it. Thanks! :+1: