Hi there, This is a CVE for musl, which is the libc used in Alpine Linux. The image Red Hat officially supports for Clair is based on RHEL, so it does not have this issue.
This dependency will be bumped with the next release of Clair. - Rob On Fri, Oct 18, 2019 at 2:10 PM Brent Borovan <[email protected]> wrote: > Hello, > > I recently installed the latest version of Clair (v2.0.9) as a new Docker > image and ran a Clair scan on this image using klar with a "High" > threshold. Klar return an outstanding security issue which ironically is > not patched. > > Here is the reported issue: > Analysing 9 layers > Got results from Clair API v1 > Found 1 vulnerabilities > High: 1 > > CVE-2019-14697: [High] > Found in: musl [1.1.20-r3] > Fixed By: 1.1.20-r5 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697 > > > Are there plans to patch this soon and if not does anyone know the > recommended way to resolve this? > > Thanks in advance, > Brent > > -- > You received this message because you are subscribed to the Google Groups > "CoreOS Dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/coreos-dev/47a4938b-b30e-4af0-b643-3d80083dbce7%40googlegroups.com > <https://groups.google.com/d/msgid/coreos-dev/47a4938b-b30e-4af0-b643-3d80083dbce7%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CoreOS Dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/coreos-dev/CABD1xTaAzNo%3D20p%3DpN0yQpcQPaOhQENgC4fWEbSu2_5j37eepg%40mail.gmail.com.
