grafana / grafana-docker

Grafana docker container

Known security vulnerabilities in Docker image #138

Closed witten closed 6 years ago

witten commented 6 years ago

According to the Clair container vulnerability scanner and the Klar client, the Grafana Docker images contain a number of known security vulnerabilities of varying severities. This might be fixed most easily by upgrading to a newer base image than debian:jessie. Additionally, using multi-stage builds may help in omitting certain build dependencies like gcc that don't need to end up in the final image.

$ CLAIR_OUTPUT=Unknown CLAIR_ADDR=http://localhost:6060 ./klar-2.0.1-linux-amd64 grafana/grafana:master
Analysing 8 layers
Got results from Clair API v1
Found 58 vulnerabilities
CVE-2018-1049: [Unknown] 
Found in: systemd
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
https://security-tracker.debian.org/tracker/CVE-2018-1049
-----------------------------------------
CVE-2016-4484: [Negligible] 
Found in: cryptsetup
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
https://security-tracker.debian.org/tracker/CVE-2016-4484
-----------------------------------------
CVE-2018-6829: [Negligible] 
Found in: libgcrypt20
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
https://security-tracker.debian.org/tracker/CVE-2018-6829
-----------------------------------------
CVE-2015-5186: [Negligible] 
Found in: audit
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
https://security-tracker.debian.org/tracker/CVE-2015-5186
-----------------------------------------
CVE-2017-8283: [Negligible] 
Found in: dpkg
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
https://security-tracker.debian.org/tracker/CVE-2017-8283
-----------------------------------------
CVE-2005-2541: [Negligible] 
Found in: tar
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
https://security-tracker.debian.org/tracker/CVE-2005-2541
-----------------------------------------
CVE-2017-7246: [Negligible] 
Found in: pcre3
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
https://security-tracker.debian.org/tracker/CVE-2017-7246
-----------------------------------------
CVE-2011-3374: [Negligible] 
Found in: apt

https://security-tracker.debian.org/tracker/CVE-2011-3374
-----------------------------------------
CVE-2007-5686: [Negligible] 
Found in: shadow
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts.  NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
https://security-tracker.debian.org/tracker/CVE-2007-5686
-----------------------------------------
CVE-2011-4116: [Negligible] 
Found in: perl

https://security-tracker.debian.org/tracker/CVE-2011-4116
-----------------------------------------
CVE-2018-6829: [Negligible] 
Found in: gnupg
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
https://security-tracker.debian.org/tracker/CVE-2018-6829
-----------------------------------------
CVE-2017-11671: [Low] 
Found in: gcc-4.8
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
https://security-tracker.debian.org/tracker/CVE-2017-11671
-----------------------------------------
CVE-2016-3189: [Low] 
Found in: bzip2
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
https://security-tracker.debian.org/tracker/CVE-2016-3189
-----------------------------------------
CVE-2016-9401: [Low] 
Found in: bash
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
https://security-tracker.debian.org/tracker/CVE-2016-9401
-----------------------------------------
CVE-2016-2781: [Low] 
Found in: coreutils
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
https://security-tracker.debian.org/tracker/CVE-2016-2781
-----------------------------------------
CVE-2015-5276: [Medium] 
Found in: gcc-4.9
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
https://security-tracker.debian.org/tracker/CVE-2015-5276
-----------------------------------------
CVE-2017-16879: [Medium] 
Found in: ncurses
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
https://security-tracker.debian.org/tracker/CVE-2017-16879
-----------------------------------------
CVE-2016-9841: [High] 
Found in: zlib
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
https://security-tracker.debian.org/tracker/CVE-2016-9841
-----------------------------------------
CVE-2016-2779: [High] 
Found in: util-linux
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
https://security-tracker.debian.org/tracker/CVE-2016-2779
-----------------------------------------
CVE-2017-16997: [High] 
Found in: glibc
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
https://security-tracker.debian.org/tracker/CVE-2017-16997
-----------------------------------------
Unknown: 4
Negligible: 19
Low: 5
Medium: 3
High: 27
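A small triage script for klar's plain-text report, added here as an example (it is not code from klar or grafana-docker): it collapses the per-layer repeats visible in the output above into unique CVE/package pairs, counts them per severity, and fails a build when anything at or above a chosen severity remains. The sample input is constructed in the format shown above, and the severity ordering is this script's own assumption.

```shell
#!/bin/sh
# Triage helper for the plain-text report klar prints after a Clair scan (the
# format shown in this issue). Added example; not code from klar or grafana-docker.

# Severity order assumed by this script, lowest to highest (Clair's levels).
KLAR_SEVERITIES="Unknown Negligible Low Medium High Critical Defcon1"

klar_unique() {
    # stdin: raw klar output. stdout: one "SEVERITY CVE PACKAGE" line per unique
    # CVE/package pair. klar lists a finding once per layer it occurs in, so the
    # raw entries (and the "Found N vulnerabilities" total) overstate the work.
    awk '
        /^CVE-[0-9]+-[0-9]+: \[[A-Za-z0-9]+\]/ {
            cve = $1; sub(/:$/, "", cve)
            sev = substr($2, 2, length($2) - 2)   # strip the surrounding brackets
            next
        }
        /^Found in: / && cve != "" {
            print sev, cve, $3
            cve = ""
        }
    ' | sort -u
}

klar_count() {
    # $1: severity name. Prints the number of unique findings at exactly that level.
    klar_unique | awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

klar_gate() {
    # $1: threshold severity. Exit 0 if no unique finding is at or above it, 1 if
    # at least one is (each offender is listed), 2 if the threshold name is unknown.
    klar_unique | awk -v min="$1" -v order="$KLAR_SEVERITIES" '
        BEGIN {
            n = split(order, lv, " ")
            for (i = 1; i <= n; i++) rank[lv[i]] = i
            if (!(min in rank)) { print "unknown severity: " min > "/dev/stderr"; err = 2; exit }
        }
        ($1 in rank) && rank[$1] >= rank[min] { print "BLOCK " $2 " [" $1 "] in " $3; bad++ }
        END { if (err) exit err; exit (bad > 0) }
    '
}

klar_sample() {
    # Constructed sample in klar's format (descriptions shortened). The repeated
    # blocks mirror the per-layer duplicates in the real scan output above.
    cat <<'EOF'
Found 8 vulnerabilities
CVE-2018-1049: [Unknown]
Found in: systemd
In systemd prior to 234 a race condition exists between .mount and .automount units.
https://security-tracker.debian.org/tracker/CVE-2018-1049
-----------------------------------------
CVE-2018-1049: [Unknown]
Found in: systemd
In systemd prior to 234 a race condition exists between .mount and .automount units.
https://security-tracker.debian.org/tracker/CVE-2018-1049
-----------------------------------------
CVE-2018-6829: [Negligible]
Found in: libgcrypt20
cipher/elgamal.c in Libgcrypt through 1.8.2 improperly encodes plaintexts.
https://security-tracker.debian.org/tracker/CVE-2018-6829
-----------------------------------------
CVE-2018-6829: [Negligible]
Found in: gnupg
cipher/elgamal.c in Libgcrypt through 1.8.2 improperly encodes plaintexts.
https://security-tracker.debian.org/tracker/CVE-2018-6829
-----------------------------------------
CVE-2011-3374: [Negligible]
Found in: apt

https://security-tracker.debian.org/tracker/CVE-2011-3374
-----------------------------------------
CVE-2016-3189: [Low]
Found in: bzip2
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6.
https://security-tracker.debian.org/tracker/CVE-2016-3189
-----------------------------------------
CVE-2016-9841: [High]
Found in: zlib
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact.
https://security-tracker.debian.org/tracker/CVE-2016-9841
-----------------------------------------
CVE-2016-9841: [High]
Found in: zlib
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact.
https://security-tracker.debian.org/tracker/CVE-2016-9841
-----------------------------------------
EOF
}

# Demo: deduplicated findings, per-severity summary, then a CI gate at High.
klar_sample | klar_unique
for sev in $KLAR_SEVERITIES; do
    printf '%s: %s\n' "$sev" "$(klar_sample | klar_count "$sev")"
done
if klar_sample | klar_gate High; then echo "gate: pass"; else echo "gate: FAIL"; fi
```

The same CVE reported against two source packages (CVE-2018-6829 in libgcrypt20 and gnupg above) is kept as two findings, since each needs its own package upgrade.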

DanCech commented 6 years ago

See also https://github.com/grafana/grafana/pull/10655

xlson commented 6 years ago

Thanks for sharing this. I will try to get an environment set up so I can test this myself when I find the time. We are going to release a new version of the image with Grafana 5.1. Any chance you'd be willing to run this against that image as well? It currently resides in the image-improvements branch.

witten commented 6 years ago

Sure thing. Below are the results of a Clair scan of an image built from the image-improvements branch.

Note that since posting this issue originally, I've discovered that pretty much all Debian-based Docker images have some number of vulnerabilities, because Debian itself (all versions) has some number of open vulnerabilities.

The two options I see are:

  1. Simply make sure you're using the newest Debian base image you can, and then put up with any known vulnerabilities therein.
  2. Or, use a more minimal base image like Alpine Linux, the most recent version of which does not come up with any vulnerabilities in a scan.

CLAIR_ADDR=localhost:6060 DOCKER_USER=REDACTED DOCKER_PASSWORD=REDACTED ./klar-2.0.2-linux-amd64 redacted.example.org/grafana:image-improvements
Analysing 3 layers
Handling connection for 6060
Got results from Clair API v1
Found 61 vulnerabilities
CVE-2018-0739: [Unknown] 
Found in: openssl1.0

https://security-tracker.debian.org/tracker/CVE-2018-0739
-----------------------------------------
CVE-2018-8740: [Unknown] 
Found in: sqlite3
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
https://security-tracker.debian.org/tracker/CVE-2018-8740
-----------------------------------------
CVE-2017-15088: [Negligible] 
Found in: krb5
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.
https://security-tracker.debian.org/tracker/CVE-2017-15088
-----------------------------------------
CVE-2018-6829: [Negligible] 
Found in: libgcrypt20
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
https://security-tracker.debian.org/tracker/CVE-2018-6829
-----------------------------------------
CVE-2017-7245: [Negligible] 
Found in: pcre3
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
https://security-tracker.debian.org/tracker/CVE-2017-7245
-----------------------------------------
CVE-2018-0733: [Negligible] 
Found in: openssl

https://security-tracker.debian.org/tracker/CVE-2018-0733
-----------------------------------------
CVE-2011-4116: [Negligible] 
Found in: perl

https://security-tracker.debian.org/tracker/CVE-2011-4116
-----------------------------------------
CVE-2013-0340: [Negligible] 
Found in: expat
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
https://security-tracker.debian.org/tracker/CVE-2013-0340
-----------------------------------------
CVE-2017-18018: [Negligible] 
Found in: coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
https://security-tracker.debian.org/tracker/CVE-2017-18018
-----------------------------------------
CVE-2011-3374: [Negligible] 
Found in: apt

https://security-tracker.debian.org/tracker/CVE-2011-3374
-----------------------------------------
CVE-2017-14159: [Negligible] 
Found in: openldap
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
https://security-tracker.debian.org/tracker/CVE-2017-14159
-----------------------------------------
CVE-2018-7738: [Negligible] 
Found in: util-linux
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
https://security-tracker.debian.org/tracker/CVE-2018-7738
-----------------------------------------
CVE-2005-2541: [Negligible] 
Found in: tar
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
https://security-tracker.debian.org/tracker/CVE-2005-2541
-----------------------------------------
CVE-2017-15671: [Low] 
Found in: glibc
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
https://security-tracker.debian.org/tracker/CVE-2017-15671
-----------------------------------------
CVE-2011-3389: [Medium] 
Found in: gnutls28
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
https://security-tracker.debian.org/tracker/CVE-2011-3389
-----------------------------------------
CVE-2018-7169: [Medium] 
Found in: shadow
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
https://security-tracker.debian.org/tracker/CVE-2018-7169
-----------------------------------------
CVE-2017-16879: [Medium] 
Found in: ncurses
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
https://security-tracker.debian.org/tracker/CVE-2017-16879
-----------------------------------------
CVE-2018-6954: [High] 
Found in: systemd
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
https://security-tracker.debian.org/tracker/CVE-2018-6954
-----------------------------------------
CVE-2017-14062: [High] 
Found in: libidn
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
https://security-tracker.debian.org/tracker/CVE-2017-14062
-----------------------------------------
Unknown: 3
Negligible: 28
Low: 17
Medium: 6
High: 7
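As an added example (not code from klar, Clair or the grafana-docker project), a small parser for the klar report layout pasted above that collapses the repeated per-layer entries and applies a severity gate a CI job could use. It assumes the report layout stays as shown here; the sample report embedded in it is constructed, with descriptions shortened.

```python
"""Parse a klar plain-text report (the layout pasted above), collapse repeated
findings and apply a severity gate. Added example, not klar/Clair/grafana code."""
from __future__ import annotations
import re
from collections import Counter, namedtuple

# Clair's severity scale, lowest first; used to rank findings against a threshold.
SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]
HEADER_RE = re.compile(r"^(CVE-\d{4}-\d{4,}): \[(\w+)\]\s*$")
SEPARATOR = "-----------------------------------------"
Finding = namedtuple("Finding", "cve severity package description url")


def _parse_entry(lines: list[str]) -> Finding | None:
    """One entry: header, 'Found in: pkg', free text (may be empty), tracker URL.
    Lines before the header (klar's banner) are skipped; no header -> None."""
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if m:
            break
    else:
        return None
    pkg, url, desc = "", "", []
    for line in lines[i + 1:]:
        if line.startswith("Found in: ") and not pkg:
            pkg = line[len("Found in: "):].strip()
        elif line.startswith("http"):
            url = line.strip()
        elif line.strip():
            desc.append(line.strip())
    return Finding(m.group(1), m.group(2), pkg, " ".join(desc), url)


def parse_klar(report: str) -> list[Finding]:
    """All entries, repeats included: klar prints one per affected layer/package."""
    findings, block = [], []
    for line in report.splitlines():
        if line.strip() == SEPARATOR:
            entry = _parse_entry(block)
            if entry:
                findings.append(entry)
            block = []
        else:
            block.append(line)
    entry = _parse_entry(block)  # trailing severity summary normally yields None
    return findings + [entry] if entry else findings


def dedupe(findings: list[Finding]) -> list[Finding]:
    """Collapse repeated (CVE, package) pairs, preserving first-seen order."""
    seen, unique = set(), []
    for f in findings:
        if (f.cve, f.package) not in seen:
            seen.add((f.cve, f.package))
            unique.append(f)
    return unique


def severity_counts(findings: list[Finding]) -> Counter:
    return Counter(f.severity for f in findings)


def should_reject(findings: list[Finding], threshold: str = "High") -> bool:
    """Gate: any finding at or above `threshold` fails the image; 'Unknown' ranks lowest and needs manual triage."""
    def rank(sev: str) -> int:
        return SEVERITIES.index(sev) if sev in SEVERITIES else 0
    return any(rank(f.severity) >= rank(threshold) for f in findings)


# Constructed sample in the same layout as the scan above (descriptions shortened).
SAMPLE_REPORT = """Found 3 vulnerabilities
CVE-2018-0739: [Unknown]
Found in: openssl1.0

https://security-tracker.debian.org/tracker/CVE-2018-0739
-----------------------------------------
CVE-2018-6954: [High]
Found in: systemd
systemd-tmpfiles in systemd through 237 mishandles symlinks in non-terminal path components.
https://security-tracker.debian.org/tracker/CVE-2018-6954
-----------------------------------------
CVE-2018-6954: [High]
Found in: systemd
systemd-tmpfiles in systemd through 237 mishandles symlinks in non-terminal path components.
https://security-tracker.debian.org/tracker/CVE-2018-6954
-----------------------------------------
Unknown: 1
High: 2
"""
```

Run `dedupe(parse_klar(SAMPLE_REPORT))` and feed the result to `should_reject` to get a build-gate verdict; swap in real klar output for the sample.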
xlson commented 6 years ago

Thanks!

Keeping up to date with Debian seems like the best way to start for sure. I hope to be able to spend some time looking into an Alpine-based version of the image in the future but it's not top priority right now.

xlson commented 6 years ago

I'm closing this issue as we probably won't do anything about it in the near future and the docker image creation has moved to the main Grafana repo. Thanks for making us aware of these potential problems.

https://github.com/grafana/grafana/tree/master/packaging/docker