ibmruntimes / ci.docker

Dockerfiles and build scripts for generating various Docker Images related to IBM Runtimes
Apache License 2.0

Vulnerability Advisor failing on ibmjava:8-sdk #91

Open gee4vee opened 4 years ago

gee4vee commented 4 years ago

Vulnerability Advisor is failing with the following issues. Several are at least moderate severity and so should be addressed ASAP.

The scan results show that 10 ISSUES were found for the image.

Vulnerable Packages Found
=========================

CVE-2019-5436

   Policy Status
   Active

   Summary
   The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1020               https://access.redhat.com/errata/RHSA-2020:1020   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   curl                Active          Upgrade curl to >= 7.29.0-57.el7      RHSA-2020:1020   
   libcurl             Active          Upgrade libcurl to >= 7.29.0-57.el7   RHSA-2020:1020   

CVE-2019-9924

   Policy Status
   Active

   Summary
   The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.
Security Fix(es):
* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1113               https://access.redhat.com/errata/RHSA-2020:1113   

   Affected Packages   Policy Status   How to Resolve                     Security Notice   
   bash                Active          Upgrade bash to >= 4.2.46-34.el7   RHSA-2020:1113   

CVE-2015-2716

   Policy Status
   Active

   Summary
   Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1011               https://access.redhat.com/errata/RHSA-2020:1011   

   Affected Packages   Policy Status   How to Resolve                     Security Notice   
   expat               Active          Upgrade expat to >= 2.1.0-11.el7   RHSA-2020:1011   

CVE-2015-8035

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2016-5131

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2017-15412

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2017-18258

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2018-14404

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2018-14567

   Policy Status
   Active

   Summary
   The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1190               https://access.redhat.com/errata/RHSA-2020:1190   

   Affected Packages   Policy Status   How to Resolve                        Security Notice   
   libxml2             Active          Upgrade libxml2 to >= 2.9.1-6.el7.4   RHSA-2020:1190   

CVE-2019-3820

   Policy Status
   Active

   Summary
   GNOME is the default desktop environment of Red Hat Enterprise Linux.
Security Fix(es):
* gnome-shell: partial lock screen bypass (CVE-2019-3820)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

   Vendor Security Notice IDs   Official Notice   
   RHSA-2020:1021               https://access.redhat.com/errata/RHSA-2020:1021   

   Affected Packages   Policy Status   How to Resolve                             Security Notice   
   shared-mime-info    Active          Upgrade shared-mime-info to >= 1.8-5.el7   RHSA-2020:1021   

OK
ERROR: The vulnerability scan was not successful, check the OUTPUT of the command and try again.