Addressing several security vulnerabilities in the version v0.15.1
nguyenngocnhatminh opened this issue · 0 comments
nguyenngocnhatminh commented
The release of version v0.15.1, run under Ubuntu 20.04.6 LTS, contains several vulnerabilities.
Some vulnerabilities can be fixed by upgrading the version of the affected packages as below.
As a requirement of the security remediation process in our org, we would like to report the vulnerabilities for this version (though we will follow your release process).
CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS |
---|---|---|---|---|---|
CVE-2022-40735 | medium | 7.50 | openssl | 3.0.2-0ubuntu1.15 | fixed in 3.0.2-0ubuntu1.16 |
CVE-2024-33602 | medium | 0.00 | glibc | 2.35-0ubuntu3.7 | fixed in 2.35-0ubuntu3.8 |
CVE-2024-33601 | medium | 0.00 | glibc | 2.35-0ubuntu3.7 | fixed in 2.35-0ubuntu3.8 |
CVE-2024-33600 | medium | 0.00 | glibc | 2.35-0ubuntu3.7 | fixed in 2.35-0ubuntu3.8 |
CVE-2024-33599 | medium | 0.00 | glibc | 2.35-0ubuntu3.7 | fixed in 2.35-0ubuntu3.8 |
CVE-2024-26462 | medium | 0.00 | krb5 | 1.19.2-2ubuntu0.3 | needed |
CVE-2024-2236 | medium | 0.00 | libgcrypt20 | 1.9.4-3ubuntu3 | deferred |
CVE-2022-4899 | low | 7.50 | libzstd | 1.4.8+dfsg-3build1 | needed |
CVE-2023-50495 | low | 6.50 | ncurses | 6.3-2ubuntu0.1 | needed |
CVE-2016-2781 | low | 6.50 | coreutils | 8.32-4.1ubuntu1.2 | deferred |
CVE-2023-7008 | low | 5.90 | systemd | 249.11-0ubuntu3.12 | needed |
CVE-2022-27943 | low | 5.50 | gcc-12 | 12.3.0-1ubuntu1~22.04 | needed |
CVE-2023-29383 | low | 3.30 | shadow | 1:4.8.1-2ubuntu2.2 | needed |
CVE-2022-3219 | low | 3.30 | gnupg2 | 2.2.27-3ubuntu2.1 | deferred |
CVE-2024-4741 | low | 0.00 | openssl | 3.0.2-0ubuntu1.15 | needed |
CVE-2024-4603 | low | 0.00 | openssl | 3.0.2-0ubuntu1.15 | needed |
CVE-2024-26461 | low | 0.00 | krb5 | 1.19.2-2ubuntu0.3 | needed |
CVE-2024-2511 | low | 0.00 | openssl | 3.0.2-0ubuntu1.15 | needed |
CVE-2023-45918 | low | 0.00 | ncurses | 6.3-2ubuntu0.1 | needed |