Created May 12, 2020 16:46
2020-05-12T12:46:16.544-0400 INFO Detecting Debian vulnerabilities...

k8s.gcr.io/debian-base:v1.0.0 (debian 9.8)
==========================================
Total: 129 (UNKNOWN: 0, LOW: 86, MEDIUM: 27, HIGH: 16, CRITICAL: 0)

+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
| LIBRARY           | VULNERABILITY ID    | SEVERITY | INSTALLED VERSION     | FIXED VERSION   | TITLE                                       |
+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
| apt               | CVE-2011-3374       | LOW      | 1.4.9                 |                 | It was found that apt-key in apt, all versions, do not correctly... |
| coreutils         | CVE-2016-2781       | LOW      | 8.26-3                |                 | coreutils: Non-privileged session can escape to the parent session in chroot |
| coreutils         | CVE-2017-18018      | LOW      | 8.26-3                |                 | coreutils: race condition vulnerability in chown and chgrp |
| gcc-6-base        | CVE-2018-12886      | MEDIUM   | 6.3.0-18+deb9u1       |                 | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... |
| gpgv              | CVE-2018-1000858    | MEDIUM   | 2.1.18-8~deb9u4       |                 | gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure... |
| gpgv              | CVE-2018-9234       | LOW      | 2.1.18-8~deb9u4       |                 | GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing... |
| gpgv              | CVE-2019-14855      | LOW      | 2.1.18-8~deb9u4       |                 | gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
| libapt-pkg5.0     | CVE-2011-3374       | LOW      | 1.4.9                 |                 | It was found that apt-key in apt, all versions, do not correctly... |
| libbz2-1.0        | CVE-2019-12900      | HIGH     | 1.0.6-8.1             |                 | bzip2: out-of-bounds write in function BZ2_decompress |
| libc-bin          | CVE-2018-1000001    | HIGH     | 2.24-11+deb9u4        |                 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation... |
| libc-bin          | CVE-2018-6485       | HIGH     | 2.24-11+deb9u4        |                 | glibc: Integer overflow in posix_memalign in memalign functions |
| libc-bin          | CVE-2018-6551       | HIGH     | 2.24-11+deb9u4        |                 | glibc: integer overflow in malloc functions |
| libc-bin          | CVE-2019-9169       | HIGH     | 2.24-11+deb9u4        |                 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| libc-bin          | CVE-2009-5155       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or... |
| libc-bin          | CVE-2016-10739      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: getaddrinfo should reject IP addresses with trailing characters |
| libc-bin          | CVE-2017-12132      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: Fragmentation attacks possible when EDNS0 is enabled |
| libc-bin          | CVE-2020-1751       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: array overflow in backtrace functions for powerpc |
| libc-bin          | CVE-2020-1752       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: use-after-free in glob() function when expanding ~user |
| libc-bin          | CVE-2020-6096       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: signed comparison vulnerability in the ARMv7 memcpy function |
| libc-bin          | CVE-2010-4051       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4052 glibc: De-recursivise regular expression engine |
| libc-bin          | CVE-2010-4052       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine |
| libc-bin          | CVE-2010-4756       | LOW      | 2.24-11+deb9u4        |                 | glibc: glob implementation can cause excessive CPU and memory consumption due to... |
| libc-bin          | CVE-2015-8985       | LOW      | 2.24-11+deb9u4        |                 | glibc: potential denial of service in pop_fail_stack() |
| libc-bin          | CVE-2016-10228      | LOW      | 2.24-11+deb9u4        |                 | glibc: iconv program can hang when invoked with the -c option |
| libc-bin          | CVE-2018-20796      | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| libc-bin          | CVE-2019-1010022    | LOW      | 2.24-11+deb9u4        |                 | glibc: stack guard protection bypass |
| libc-bin          | CVE-2019-1010023    | LOW      | 2.24-11+deb9u4        |                 | glibc: running ldd on malicious ELF leads to code execution because of... |
| libc-bin          | CVE-2019-1010024    | LOW      | 2.24-11+deb9u4        |                 | glibc: ASLR bypass using cache of thread stack and heap |
| libc-bin          | CVE-2019-1010025    | LOW      | 2.24-11+deb9u4        |                 | glibc: information disclosure of heap addresses of pthread_created thread |
| libc-bin          | CVE-2019-19126      | LOW      | 2.24-11+deb9u4        |                 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries |
| libc-bin          | CVE-2019-6488       | LOW      | 2.24-11+deb9u4        |                 | glibc: Incorrect attempt to use a 64-bit register for size_t in assembly... |
| libc-bin          | CVE-2019-7309       | LOW      | 2.24-11+deb9u4        |                 | glibc: memcmp function incorrectly returns zero |
| libc-bin          | CVE-2019-9192       | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| libc-bin          | CVE-2020-10029      | LOW      | 2.24-11+deb9u4        |                 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl... |
| libc6             | CVE-2018-1000001    | HIGH     | 2.24-11+deb9u4        |                 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation... |
| libc6             | CVE-2018-6485       | HIGH     | 2.24-11+deb9u4        |                 | glibc: Integer overflow in posix_memalign in memalign functions |
| libc6             | CVE-2018-6551       | HIGH     | 2.24-11+deb9u4        |                 | glibc: integer overflow in malloc functions |
| libc6             | CVE-2019-9169       | HIGH     | 2.24-11+deb9u4        |                 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| libc6             | CVE-2009-5155       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or... |
| libc6             | CVE-2016-10739      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: getaddrinfo should reject IP addresses with trailing characters |
| libc6             | CVE-2017-12132      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: Fragmentation attacks possible when EDNS0 is enabled |
| libc6             | CVE-2020-1751       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: array overflow in backtrace functions for powerpc |
| libc6             | CVE-2020-1752       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: use-after-free in glob() function when expanding ~user |
| libc6             | CVE-2020-6096       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: signed comparison vulnerability in the ARMv7 memcpy function |
| libc6             | CVE-2010-4051       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4052 glibc: De-recursivise regular expression engine |
| libc6             | CVE-2010-4052       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine |
| libc6             | CVE-2010-4756       | LOW      | 2.24-11+deb9u4        |                 | glibc: glob implementation can cause excessive CPU and memory consumption due to... |
| libc6             | CVE-2015-8985       | LOW      | 2.24-11+deb9u4        |                 | glibc: potential denial of service in pop_fail_stack() |
| libc6             | CVE-2016-10228      | LOW      | 2.24-11+deb9u4        |                 | glibc: iconv program can hang when invoked with the -c option |
| libc6             | CVE-2018-20796      | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| libc6             | CVE-2019-1010022    | LOW      | 2.24-11+deb9u4        |                 | glibc: stack guard protection bypass |
| libc6             | CVE-2019-1010023    | LOW      | 2.24-11+deb9u4        |                 | glibc: running ldd on malicious ELF leads to code execution because of... |
| libc6             | CVE-2019-1010024    | LOW      | 2.24-11+deb9u4        |                 | glibc: ASLR bypass using cache of thread stack and heap |
| libc6             | CVE-2019-1010025    | LOW      | 2.24-11+deb9u4        |                 | glibc: information disclosure of heap addresses of pthread_created thread |
| libc6             | CVE-2019-19126      | LOW      | 2.24-11+deb9u4        |                 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries |
| libc6             | CVE-2019-6488       | LOW      | 2.24-11+deb9u4        |                 | glibc: Incorrect attempt to use a 64-bit register for size_t in assembly... |
| libc6             | CVE-2019-7309       | LOW      | 2.24-11+deb9u4        |                 | glibc: memcmp function incorrectly returns zero |
| libc6             | CVE-2019-9192       | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| libc6             | CVE-2020-10029      | LOW      | 2.24-11+deb9u4        |                 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl... |
| libcomerr2        | CVE-2019-5094       | MEDIUM   | 1.43.4-2              | 1.43.4-2+deb9u1 | e2fsprogs: crafted ext4 partition leads to out-of-bounds write |
| libcomerr2        | CVE-2019-5188       | MEDIUM   | 1.43.4-2              |                 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c |
| libelf1           | CVE-2018-16062      | MEDIUM   | 0.168-1               |                 | elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file |
| libelf1           | CVE-2018-18310      | MEDIUM   | 0.168-1               |                 | elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl |
| libelf1           | CVE-2018-16402      | LOW      | 0.168-1               |                 | elfutils: Double-free due to double decompression of sections in crafted ELF causes... |
| libelf1           | CVE-2018-16403      | LOW      | 0.168-1               |                 | elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash |
| libelf1           | CVE-2018-18520      | LOW      | 0.168-1               |                 | elfutils: eu-size cannot handle recursive ar files |
| libelf1           | CVE-2018-18521      | LOW      | 0.168-1               |                 | elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c |
| libelf1           | CVE-2019-7148       | LOW      | 0.168-1               |                 | elfutils: excessive memory allocation in read_long_names in elf_begin.c in libelf |
| libelf1           | CVE-2019-7149       | LOW      | 0.168-1               |                 | elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw |
| libelf1           | CVE-2019-7150       | LOW      | 0.168-1               |                 | elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c |
| libelf1           | CVE-2019-7664       | LOW      | 0.168-1               |                 | elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h |
| libelf1           | CVE-2019-7665       | LOW      | 0.168-1               |                 | elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c |
| libgcc1           | CVE-2018-12886      | MEDIUM   | 6.3.0-18+deb9u1       |                 | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... |
| libgcrypt20       | CVE-2019-12904      | MEDIUM   | 1.7.6-2+deb9u3        |                 | Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload... |
| libgcrypt20       | CVE-2018-6829       | LOW      | 1.7.6-2+deb9u3        |                 | libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts... |
| libgcrypt20       | CVE-2019-13627      | LOW      | 1.7.6-2+deb9u3        |                 | libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library |
| liblz4-1          | CVE-2019-17543      | LOW      | 0.0~r131-2            |                 | lz4: heap-based buffer overflow in LZ4_write32 |
| libnettle6        | CVE-2018-16869      | LOW      | 3.3-1                 |                 | nettle: Leaky data conversion exposing a manager oracle |
| libpcre3          | CVE-2017-11164      | LOW      | 2:8.39-3              |                 | pcre: OP_KETRMAX feature in the match function in pcre_exec.c |
| libpcre3          | CVE-2017-16231      | LOW      | 2:8.39-3              |                 | pcre: self-recursive call in match() in pcre_exec.c leads to denial of service... |
| libpcre3          | CVE-2017-7245       | LOW      | 2:8.39-3              |                 | pcre: stack-based buffer overflow write in pcre32_copy_substring |
| libpcre3          | CVE-2017-7246       | LOW      | 2:8.39-3              |                 | pcre: stack-based buffer overflow write in pcre32_copy_substring |
| libstdc++6        | CVE-2018-12886      | MEDIUM   | 6.3.0-18+deb9u1       |                 | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... |
| libtinfo5         | CVE-2018-19211      | LOW      | 6.0+20161126-1+deb9u2 |                 | ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c |
| libtinfo5         | CVE-2019-17594      | LOW      | 6.0+20161126-1+deb9u2 |                 | ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c |
| libtinfo5         | CVE-2019-17595      | LOW      | 6.0+20161126-1+deb9u2 |                 | ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c |
| libuuid1          | CVE-2016-2779       | HIGH     | 2.29.2-1+deb9u1       |                 | util-linux: runuser tty hijack via TIOCSTI ioctl |
| login             | CVE-2017-12424      | HIGH     | 1:4.4-4.1             |                 | shadow-utils: Buffer overflow via newusers tool |
| login             | CVE-2007-5686       | LOW      | 1:4.4-4.1             |                 | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file,... |
| login             | CVE-2013-4235       | LOW      | 1:4.4-4.1             |                 | shadow-utils: TOCTOU race conditions by copying and removing directory trees |
| login             | CVE-2018-7169       | LOW      | 1:4.4-4.1             |                 | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege... |
| login             | CVE-2019-19882      | LOW      | 1:4.4-4.1             |                 | shadow-utils: local users can obtain root access because setuid programs are misconfigured... |
| login             | TEMP-0628843-DBAD28 | LOW      | 1:4.4-4.1             |                 |                                             |
| multiarch-support | CVE-2018-1000001    | HIGH     | 2.24-11+deb9u4        |                 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation... |
| multiarch-support | CVE-2018-6485       | HIGH     | 2.24-11+deb9u4        |                 | glibc: Integer overflow in posix_memalign in memalign functions |
| multiarch-support | CVE-2018-6551       | HIGH     | 2.24-11+deb9u4        |                 | glibc: integer overflow in malloc functions |
| multiarch-support | CVE-2019-9169       | HIGH     | 2.24-11+deb9u4        |                 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| multiarch-support | CVE-2009-5155       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or... |
| multiarch-support | CVE-2016-10739      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: getaddrinfo should reject IP addresses with trailing characters |
| multiarch-support | CVE-2017-12132      | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: Fragmentation attacks possible when EDNS0 is enabled |
| multiarch-support | CVE-2020-1751       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: array overflow in backtrace functions for powerpc |
| multiarch-support | CVE-2020-1752       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: use-after-free in glob() function when expanding ~user |
| multiarch-support | CVE-2020-6096       | MEDIUM   | 2.24-11+deb9u4        |                 | glibc: signed comparison vulnerability in the ARMv7 memcpy function |
| multiarch-support | CVE-2010-4051       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4052 glibc: De-recursivise regular expression engine |
| multiarch-support | CVE-2010-4052       | LOW      | 2.24-11+deb9u4        |                 | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine |
| multiarch-support | CVE-2010-4756       | LOW      | 2.24-11+deb9u4        |                 | glibc: glob implementation can cause excessive CPU and memory consumption due to... |
| multiarch-support | CVE-2015-8985       | LOW      | 2.24-11+deb9u4        |                 | glibc: potential denial of service in pop_fail_stack() |
| multiarch-support | CVE-2016-10228      | LOW      | 2.24-11+deb9u4        |                 | glibc: iconv program can hang when invoked with the -c option |
| multiarch-support | CVE-2018-20796      | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| multiarch-support | CVE-2019-1010022    | LOW      | 2.24-11+deb9u4        |                 | glibc: stack guard protection bypass |
| multiarch-support | CVE-2019-1010023    | LOW      | 2.24-11+deb9u4        |                 | glibc: running ldd on malicious ELF leads to code execution because of... |
| multiarch-support | CVE-2019-1010024    | LOW      | 2.24-11+deb9u4        |                 | glibc: ASLR bypass using cache of thread stack and heap |
| multiarch-support | CVE-2019-1010025    | LOW      | 2.24-11+deb9u4        |                 | glibc: information disclosure of heap addresses of pthread_created thread |
| multiarch-support | CVE-2019-19126      | LOW      | 2.24-11+deb9u4        |                 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries |
| multiarch-support | CVE-2019-6488       | LOW      | 2.24-11+deb9u4        |                 | glibc: Incorrect attempt to use a 64-bit register for size_t in assembly... |
| multiarch-support | CVE-2019-7309       | LOW      | 2.24-11+deb9u4        |                 | glibc: memcmp function incorrectly returns zero |
| multiarch-support | CVE-2019-9192       | LOW      | 2.24-11+deb9u4        |                 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| multiarch-support | CVE-2020-10029      | LOW      | 2.24-11+deb9u4        |                 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl... |
| passwd            | CVE-2017-12424      | HIGH     | 1:4.4-4.1             |                 | shadow-utils: Buffer overflow via newusers tool |
| passwd            | CVE-2007-5686       | LOW      | 1:4.4-4.1             |                 | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file,... |
| passwd            | CVE-2013-4235       | LOW      | 1:4.4-4.1             |                 | shadow-utils: TOCTOU race conditions by copying and removing directory trees |
| passwd            | CVE-2018-7169       | LOW      | 1:4.4-4.1             |                 | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege... |
| passwd            | CVE-2019-19882      | LOW      | 1:4.4-4.1             |                 | shadow-utils: local users can obtain root access because setuid programs are misconfigured... |
| passwd            | TEMP-0628843-DBAD28 | LOW      | 1:4.4-4.1             |                 |                                             |
| perl-base         | CVE-2011-4116       | LOW      | 5.24.1-3+deb9u5       |                 | perl: File::Temp insecure temporary file handling |
| tar               | CVE-2005-2541       | LOW      | 1.29b-1.1             |                 | Tar 1.15.1 does not properly warn the user when extracting setuid or... |
| tar               | CVE-2018-20482      | LOW      | 1.29b-1.1             |                 | tar: Infinite read loop in sparse_dump_region function in sparse.c |
| tar               | CVE-2019-9923       | LOW      | 1.29b-1.1             |                 | tar: null-pointer dereference in pax_decode_header in sparse.c |
| tar               | TEMP-0290435-0B57B5 | LOW      | 1.29b-1.1             |                 |                                             |
+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
2020-05-11T16:16:11.577-0400 INFO Detecting Debian vulnerabilities... | |
us.gcr.io/k8s-artifacts-prod/build-image/debian-base-amd64:v2.1.0 (debian 10.3) | |
=============================================================================== | |
Total: 77 (UNKNOWN: 0, LOW: 17, MEDIUM: 54, HIGH: 5, CRITICAL: 1) | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| apt | CVE-2011-3374 | MEDIUM | 1.8.2 | | It was found that apt-key | | |
| | | | | | in apt, all versions, do not | | |
| | | | | | correctly... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| coreutils | CVE-2016-2781 | LOW | 8.30-3 | | coreutils: Non-privileged | | |
| | | | | | session can escape to the | | |
| | | | | | parent session in chroot | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2017-18018 | | | | coreutils: race condition | | |
| | | | | | vulnerability in chown and | | |
| | | | | | chgrp | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| gcc-8-base | CVE-2018-12886 | MEDIUM | 8.3.0-6 | | gcc: spilling of stack | | |
| | | | | | protection address in | | |
| | | | | | cfgexpand.c and function.c | | |
| | | | | | leads to... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG | | |
| | | | | | intrinsic produces repeated | | |
| | | | | | output | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| gpgv | CVE-2019-14855 | | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key | | |
| | | | | | Certification Forgeries with | | |
| | | | | | SHA-1 | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2 | | It was found that apt-key | | |
| | | | | | in apt, all versions, do not | | |
| | | | | | correctly... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libc-bin | CVE-2019-1010022 | HIGH | 2.28-10 | | glibc: stack guard protection | | |
| | | | | | bypass | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2010-4051 | MEDIUM | | | CVE-2010-4052 glibc: | | |
| | | | | | De-recursivise regular | | |
| | | | | | expression engine | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | |
| | | | | | glibc: De-recursivise regular | | |
| | | | | | expression engine | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2010-4756 | | | | glibc: glob implementation can | | |
| | | | | | cause excessive CPU and memory | | |
| | | | | | consumption due to... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2016-10228 | | | | glibc: iconv program can | | |
| | | | | | hang when invoked with the -c | | |
| | | | | | option | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2018-20796 | | | | glibc: uncontrolled | | |
| | | | | | recursion in function | | |
| | | | | | check_dst_limits_calc_pos_1 in | | |
| | | | | | posix/regexec.c | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010023 | | | | glibc: running ldd on | | |
| | | | | | malicious ELF leads to code | | |
| | | | | | execution because of... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache | | |
| | | | | | of thread stack and heap | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010025 | | | | glibc: information disclosure | | |
| | | | | | of heap addresses of | | |
| | | | | | pthread_created thread | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-9192 | | | | glibc: uncontrolled | | |
| | | | | | recursion in function | | |
| | | | | | check_dst_limits_calc_pos_1 in | | |
| | | | | | posix/regexec.c | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1751 | | | | glibc: array overflow in | | |
| | | | | | backtrace functions for | | |
| | | | | | powerpc | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1752 | | | | glibc: use-after-free in | | |
| | | | | | glob() function when expanding | | |
| | | | | | ~user | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-6096 | | | | glibc: signed comparison | | |
| | | | | | vulnerability in the ARMv7 | | |
| | | | | | memcpy function | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2019-19126 | LOW | | | glibc: | | |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not | | |
| | | | | | ignored in setuid binaries | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-10029 | | | | glibc: stack corruption from | | |
| | | | | | crafted input in cosl, sinl, | | |
| | | | | | sincosl, and tanl... | | |
+---------------+---------------------+----------+ +---------------+--------------------------------+ | |
| libc6 | CVE-2019-1010022 | HIGH | | | glibc: stack guard protection | | |
| | | | | | bypass | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2010-4051 | MEDIUM | | | CVE-2010-4052 glibc: | | |
| | | | | | De-recursivise regular | | |
| | | | | | expression engine | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | |
| | | | | | glibc: De-recursivise regular | | |
| | | | | | expression engine | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2010-4756 | | | | glibc: glob implementation can | | |
| | | | | | cause excessive CPU and memory | | |
| | | | | | consumption due to... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2016-10228 | | | | glibc: iconv program can | | |
| | | | | | hang when invoked with the -c | | |
| | | | | | option | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2018-20796 | | | | glibc: uncontrolled | | |
| | | | | | recursion in function | | |
| | | | | | check_dst_limits_calc_pos_1 in | | |
| | | | | | posix/regexec.c | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010023 | | | | glibc: running ldd on | | |
| | | | | | malicious ELF leads to code | | |
| | | | | | execution because of... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache | | |
| | | | | | of thread stack and heap | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-1010025 | | | | glibc: information disclosure | | |
| | | | | | of heap addresses of | | |
| | | | | | pthread_created thread | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-9192 | | | | glibc: uncontrolled | | |
| | | | | | recursion in function | | |
| | | | | | check_dst_limits_calc_pos_1 in | | |
| | | | | | posix/regexec.c | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1751 | | | | glibc: array overflow in | | |
| | | | | | backtrace functions for | | |
| | | | | | powerpc | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1752 | | | | glibc: use-after-free in | | |
| | | | | | glob() function when expanding | | |
| | | | | | ~user | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-6096 | | | | glibc: signed comparison | | |
| | | | | | vulnerability in the ARMv7 | | |
| | | | | | memcpy function | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2019-19126 | LOW | | | glibc: | | |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not | | |
| | | | | | ignored in setuid binaries | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-10029 | | | | glibc: stack corruption from | | |
| | | | | | crafted input in cosl, sinl, | | |
| | | | | | sincosl, and tanl... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libgcc1 | CVE-2018-12886 | MEDIUM | 8.3.0-6 | | gcc: spilling of stack | | |
| | | | | | protection address in | | |
| | | | | | cfgexpand.c and function.c | | |
| | | | | | leads to... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG | | |
| | | | | | intrinsic produces repeated | | |
| | | | | | output | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| libgcrypt20 | CVE-2018-6829 | | 1.8.4-5 | | libgcrypt: ElGamal | | |
| | | | | | implementation doesn't | | |
| | | | | | have semantic security | | |
| | | | | | due to incorrectly encoded | | |
| | | | | | plaintexts... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-12904 | | | | Libgcrypt: physical addresses | | |
| | | | | | being available to other | | |
| | | | | | processes leads to a | | |
| | | | | | flush-and-reload... | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2019-13627 | LOW | | | libgcrypt: ECDSA timing | | |
| | | | | | attack in the libgcrypt20 | | |
| | | | | | cryptographic library | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libgnutls30 | CVE-2011-3389 | MEDIUM | 3.6.7-4+deb10u3 | | HTTPS: block-wise | | |
| | | | | | chosen-plaintext attack | | |
| | | | | | against SSL/TLS (BEAST) | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| libidn2-0 | CVE-2019-12290 | | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | | |
| | | | | | fails to perform the roundtrip | | |
| | | | | | checks specified in... | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1 | | lz4: heap-based buffer | | |
| | | | | | overflow in LZ4_write32 | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libpcre3 | CVE-2017-11164 | HIGH | 2:8.39-12 | | pcre: OP_KETRMAX feature | | |
| | | | | | in the match function in | | |
| | | | | | pcre_exec.c | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2017-7245 | MEDIUM | | | pcre: stack-based | | |
| | | | | | buffer overflow write in | | |
| | | | | | pcre32_copy_substring | | |
+ +---------------------+ + +---------------+ + | |
| | CVE-2017-7246 | | | | | | |
| | | | | | | | |
| | | | | | | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2017-16231 | LOW | | | pcre: self-recursive call in | | |
| | | | | | match() in pcre_exec.c leads | | |
| | | | | | to denial of service... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libseccomp2 | CVE-2019-9893 | HIGH | 2.3.3-4 | | libseccomp: incorrect | | |
| | | | | | generation of syscall filters | | |
| | | | | | in libseccomp | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libstdc++6 | CVE-2018-12886 | MEDIUM | 8.3.0-6 | | gcc: spilling of stack | | |
| | | | | | protection address in | | |
| | | | | | cfgexpand.c and function.c | | |
| | | | | | leads to... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG | | |
| | | | | | intrinsic produces repeated | | |
| | | | | | output | | |
+---------------+---------------------+ +-------------------+---------------+--------------------------------+ | |
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u3 | | systemd: services with | | |
| | | | | | DynamicUser can create | | |
| | | | | | SUID/SGID binaries | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-3844 | | | | systemd: services with | | |
| | | | | | DynamicUser can get new | | |
| | | | | | privileges and create SGID | | |
| | | | | | binaries... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1712 | | | 241-7~deb10u4 | systemd: use-after-free when | | |
| | | | | | asynchronous polkit queries | | |
| | | | | | are performed | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | | |
| | | | | | when updating file permissions | | |
| | | | | | and SELinux security | | |
| | | | | | contexts... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-20386 | | | | systemd: a memory leak was | | |
| | | | | | discovered in button_open in | | |
| | | | | | login/logind-button.c when | | |
| | | | | | udev... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libtasn1-6 | CVE-2018-1000654 | HIGH | 4.13-3 | | libtasn1: Infinite loop in | | |
| | | | | | _asn1_expand_object_id(ptree) | | |
| | | | | | leads to memory exhaustion | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| libudev1 | CVE-2019-3843 | MEDIUM | 241-7~deb10u3 | | systemd: services with | | |
| | | | | | DynamicUser can create | | |
| | | | | | SUID/SGID binaries | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-3844 | | | | systemd: services with | | |
| | | | | | DynamicUser can get new | | |
| | | | | | privileges and create SGID | | |
| | | | | | binaries... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2020-1712 | | | 241-7~deb10u4 | systemd: use-after-free when | | |
| | | | | | asynchronous polkit queries | | |
| | | | | | are performed | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | | |
| | | | | | when updating file permissions | | |
| | | | | | and SELinux security | | |
| | | | | | contexts... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-20386 | | | | systemd: a memory leak was | | |
| | | | | | discovered in button_open in | | |
| | | | | | login/logind-button.c when | | |
| | | | | | udev... | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| login | CVE-2007-5686 | MEDIUM | 1:4.5-1.1 | | initscripts in rPath Linux 1 | | |
| | | | | | sets insecure permissions for | | |
| | | | | | the /var/log/btmp file,... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2018-7169 | | | | shadow-utils: newgidmap | | |
| | | | | | allows unprivileged user | | |
| | | | | | to drop supplementary | | |
| | | | | | groups potentially allowing | | |
| | | | | | privilege... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-19882 | | | | shadow-utils: local users | | |
| | | | | | can obtain root access | | |
| | | | | | because setuid programs are | | |
| | | | | | misconfigured... | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2013-4235 | LOW | | | shadow-utils: TOCTOU race | | |
| | | | | | conditions by copying and | | |
| | | | | | removing directory trees | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | TEMP-0628843-DBAD28 | | | | | | |
+---------------+---------------------+----------+ +---------------+--------------------------------+ | |
| passwd | CVE-2007-5686 | MEDIUM | | | initscripts in rPath Linux 1 | | |
| | | | | | sets insecure permissions for | | |
| | | | | | the /var/log/btmp file,... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2018-7169 | | | | shadow-utils: newgidmap | | |
| | | | | | allows unprivileged user | | |
| | | | | | to drop supplementary | | |
| | | | | | groups potentially allowing | | |
| | | | | | privilege... | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | CVE-2019-19882 | | | | shadow-utils: local users | | |
| | | | | | can obtain root access | | |
| | | | | | because setuid programs are | | |
| | | | | | misconfigured... | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2013-4235 | LOW | | | shadow-utils: TOCTOU race | | |
| | | | | | conditions by copying and | | |
| | | | | | removing directory trees | | |
+ +---------------------+ + +---------------+--------------------------------+ | |
| | TEMP-0628843-DBAD28 | | | | | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| perl-base | CVE-2011-4116 | MEDIUM | 5.28.1-6 | | perl: File::Temp insecure | | |
| | | | | | temporary file handling | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ | |
| tar | CVE-2005-2541 | CRITICAL | 1.30+dfsg-6 | | Tar 1.15.1 does not properly | | |
| | | | | | warn the user when extracting | | |
| | | | | | setuid or... | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | CVE-2019-9923 | MEDIUM | | | tar: null-pointer dereference | | |
| | | | | | in pax_decode_header in | | |
| | | | | | sparse.c | | |
+ +---------------------+----------+ +---------------+--------------------------------+ | |
| | TEMP-0290435-0B57B5 | LOW | | | | | |
+---------------+---------------------+----------+-------------------+---------------+--------------------------------+ |
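Added example, not part of the gist and not Trivy's own code: the two tables above are easier to act on when Trivy is run with `-f json` (`trivy image -f json -o report.json <image>`) and the reports are compared by CVE id rather than by eye. The script below reproduces the `Total:` summary line, diffs the two scans, lists CVEs whose severity differs between releases (CVE-2011-3374 is LOW on stretch and MEDIUM on buster above, because Debian rates urgency per release), and shows which findings would actually block a build. The embedded reports are constructed from a few rows of the tables, not captured scanner output; the field names (`VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`) are Trivy's, and both the 2020-era top-level-list layout and the later `{"SchemaVersion": 2, "Results": [...]}` wrapper are accepted.

```python
"""Summarise, diff and gate Trivy JSON reports.

Added example for this page; it is not part of the gist and not Trivy's own
code. The two embedded reports are CONSTRUCTED from a handful of rows in the
tables above, not captured scanner output.
"""
import json
from collections import Counter

# Trivy's severity ladder, lowest to highest, as used in its "Total:" line.
SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the 2020-era layout: a top-level list of targets.
OLD_REPORT = json.dumps([{
    "Target": "k8s.gcr.io/debian-base:v1.0.0 (debian 9.8)",
    "Type": "debian",
    "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2017-12424", "PkgName": "passwd",
         "InstalledVersion": "1:4.4-4.1", "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-2018-20482", "PkgName": "tar",
         "InstalledVersion": "1.29b-1.1", "FixedVersion": "", "Severity": "LOW"},
        {"VulnerabilityID": "CVE-2019-9923", "PkgName": "tar",
         "InstalledVersion": "1.29b-1.1", "FixedVersion": "", "Severity": "LOW"},
    ],
}])

# Constructed sample in the later wrapped layout ({"SchemaVersion": 2, "Results": [...]}).
NEW_REPORT = json.dumps({"SchemaVersion": 2, "Results": [{
    "Target": "us.gcr.io/k8s-artifacts-prod/build-image/debian-base-amd64:v2.1.0 (debian 10.3)",
    "Type": "debian",
    "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2020-1712", "PkgName": "libsystemd0",
         "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u4", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-2020-1712", "PkgName": "libudev1",
         "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u4", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-2019-9923", "PkgName": "tar",
         "InstalledVersion": "1.30+dfsg-6", "FixedVersion": "", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-2005-2541", "PkgName": "tar",
         "InstalledVersion": "1.30+dfsg-6", "FixedVersion": "", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-2019-9893", "PkgName": "libseccomp2",
         "InstalledVersion": "2.3.3-4", "FixedVersion": "", "Severity": "HIGH"},
    ],
}]})


def rank(severity):
    """Position on the ladder; anything Trivy did not rate counts as UNKNOWN."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else 0


def load_findings(report_json):
    """Flatten a Trivy JSON report into plain dicts, accepting both layouts."""
    doc = json.loads(report_json)
    results = doc["Results"] if isinstance(doc, dict) else doc
    findings = []
    for result in results:
        for v in result.get("Vulnerabilities") or []:  # null when a target is clean
            findings.append({
                "id": v["VulnerabilityID"],
                "pkg": v["PkgName"],
                "installed": v.get("InstalledVersion", ""),
                "fixed": v.get("FixedVersion", ""),
                "severity": v.get("Severity", "UNKNOWN"),
                "target": result.get("Target", ""),
            })
    return findings


def summary_line(findings):
    """Reproduce Trivy's 'Total: N (UNKNOWN: a, LOW: b, ...)' line."""
    counts = Counter(f["severity"] for f in findings)
    parts = ", ".join(f"{s}: {counts.get(s, 0)}" for s in SEVERITIES)
    return f"Total: {len(findings)} ({parts})"


def diff_by_cve(old, new):
    """Compare by CVE id, not package name: names change between releases
    (gcc-6-base became gcc-8-base above) while the CVE id does not."""
    old_ids = {f["id"] for f in old}
    new_ids = {f["id"] for f in new}
    return {"introduced": sorted(new_ids - old_ids),
            "resolved": sorted(old_ids - new_ids),
            "carried": sorted(old_ids & new_ids)}


def reclassified(old, new):
    """CVEs present in both reports but rated differently, as (id, old, new)."""
    old_sev = {f["id"]: f["severity"] for f in old}
    return sorted((f["id"], old_sev[f["id"]], f["severity"])
                  for f in new if f["id"] in old_sev and old_sev[f["id"]] != f["severity"])


def blocking(findings, min_severity="HIGH", fixable_only=True):
    """Findings that should fail a build: at or above min_severity and, by
    default, only those with a FixedVersion. Most HIGH rows above have no fix
    available, so gating on them blocks every build with nothing to upgrade;
    track those separately and gate on what an `apt upgrade` can actually close."""
    chosen = {}
    for f in findings:
        if rank(f["severity"]) < rank(min_severity):
            continue
        if fixable_only and not f["fixed"]:
            continue
        chosen.setdefault(f["id"], f)  # libsystemd0 and libudev1 share CVE-2020-1712; report once
    return [chosen[k] for k in sorted(chosen)]


if __name__ == "__main__":
    old, new = load_findings(OLD_REPORT), load_findings(NEW_REPORT)
    print(summary_line(old))
    print(summary_line(new))
    print(diff_by_cve(old, new))
    print(reclassified(old, new))
    for f in blocking(new, "MEDIUM"):
        print(f"BLOCK {f['id']} {f['pkg']} {f['installed']} -> {f['fixed']}")
```

With the constructed reports, `blocking(new)` at the default HIGH floor is empty even though the scan carries a CRITICAL and a HIGH, because neither has a fixed version; dropping the floor to MEDIUM surfaces CVE-2020-1712 once, with the `241-7~deb10u4` target the table above lists. That is the distinction worth wiring into CI: fail on what the next rebuild can fix, and report the rest as accepted risk until Debian ships a fix.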