Created
October 5, 2018 20:40
-
-
Save lotharschulz/6b6850a8e8c0aa13aee075f45a1380c2 to your computer and use it in GitHub Desktop.
lotharschulz/hellogo:build.docker-cache–0.2.91 CVEs identified with Clair and klar
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
╔════════╦══════════════════════════════╦═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ | |
║ CVE ║ Found in ║ Fixed By ║ | |
╠════════╬══════════════════════════════╬═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╣ | |
║ [High] ║ glibc [2.24-11+deb9u3] ║ elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. https://security-tracker.debian.org/tracker/CVE-2017-16997 ║ | |
║ [High] ║ glibc [2.24-11+deb9u3] ║ A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. https://security-tracker.debian.org/tracker/CVE-2017-1000408 ║ | |
║ [High] ║ glibc [2.24-11+deb9u3] ║ An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. https://security-tracker.debian.org/tracker/CVE-2017-18269 ║ | |
║ [High] ║ glibc [2.24-11+deb9u3] ║ In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. https://security-tracker.debian.org/tracker/CVE-2018-1000001 ║ | |
║ [High] ║ mercurial [4.0-1+deb9u1] ║ mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. https://security-tracker.debian.org/tracker/CVE-2018-13347 ║ | |
║ [High] ║ linux [4.9.110-3+deb9u4] ║ An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. https://security-tracker.debian.org/tracker/CVE-2018-13406 ║ | |
║ [High] ║ linux [4.9.110-3+deb9u4] ║ ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. https://security-tracker.debian.org/tracker/CVE-2018-12931 ║ | |
║ [High] ║ systemd [232-25+deb9u4] ║ systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. https://security-tracker.debian.org/tracker/CVE-2018-6954 ║ | |
║ [High] ║ util-linux [2.29.2-1+deb9u1] ║ runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. https://security-tracker.debian.org/tracker/CVE-2016-2779 ║ | |
╚════════╩══════════════════════════════╩═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
used in https://medium.com/@lotharsch87/build-a-minimal-docker-image-4722deae9d86