[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Mon, 28 Jun 2021 05:54:09 -0700 


padma81 opened a new issue #2746:
URL: https://github.com/apache/bookkeeper/issues/2746


   **BUG REPORT**
   
   ***Vulnerability scanning of BookKeeper image shows security issues***
   
   The BookKeeper 4.12.1 docker image when put to vulnerability scanning shows 
a lot of Critical/High severity issues in the CentOS 7 image. Most of these 
CVEs are not fixed in CentOS 7 and the suggestion is to upgrade to CentOS 8. 
Please find below the list of Critical/High CVEs:
   
   CVE-2009-5155
   CVE-2014-9114
   CVE-2015-8540
   CVE-2015-8948
   CVE-2015-8982
   CVE-2016-10087
   CVE-2016-10109
   CVE-2016-1234
   CVE-2016-4483
   CVE-2016-5300
   CVE-2016-6261
   CVE-2016-6262
   CVE-2016-6263
   CVE-2016-6318
   CVE-2016-6321
   CVE-2016-8615
   CVE-2016-8617
   CVE-2016-8623
   CVE-2016-8624
   CVE-2016-8625
   CVE-2016-9586
   CVE-2017-0663
   CVE-2017-1000254
   CVE-2017-10684
   CVE-2017-10790
   CVE-2017-13728
   CVE-2017-13729
   CVE-2017-13730
   CVE-2017-13731
   CVE-2017-13732
   CVE-2017-13733
   CVE-2017-16879
   CVE-2017-16932
   CVE-2017-18078
   CVE-2017-6004
   CVE-2017-6891
   CVE-2017-7501
   CVE-2017-9047
   CVE-2017-9048
   CVE-2017-9049
   CVE-2017-9050
   CVE-2017-9233
   CVE-2018-1123
   CVE-2018-16429
   CVE-2018-6003
   CVE-2018-6954
   CVE-2018-8740
   CVE-2019-13012
   CVE-2019-13050
   CVE-2019-13115
   CVE-2019-13117
   CVE-2019-13118
   CVE-2019-13565
   CVE-2019-19906
   CVE-2019-19924
   CVE-2019-3842
   CVE-2019-3843
   CVE-2019-3844
   CVE-2019-9923
   CVE-2020-1752
   CVE-2020-23922
   CVE-2020-25709
   CVE-2020-25710
   CVE-2020-27619
   CVE-2020-28196
   CVE-2020-29361
   CVE-2020-36221
   CVE-2020-36222
   CVE-2020-36223
   CVE-2020-36224
   CVE-2020-36225
   CVE-2020-36226
   CVE-2020-36227
   CVE-2020-36228
   CVE-2020-36229
   CVE-2020-36230
   CVE-2020-8231
   CVE-2020-8285
   CVE-2021-20294
   CVE-2021-23240
   CVE-2021-23840
   CVE-2021-27212
   CVE-2021-27218
   CVE-2021-3517
   CVE-2021-3518
   
   ***Expected behavior***
   
   All the above CVEs should not be reflected once upgraded to CentOS 8.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to