feat(arch): support Arch Linux #1239

Closed
wants to merge 3 commits into from

@MaineK00n MaineK00n commented Sep 17, 2021

Overview

Fixes #1052.
Add Arch Linux to Trivy's supported operating systems.

$ trivy image archlinux:latest
2022-01-17T00:07:09.570+0900	INFO	Detected OS: arch
2022-01-17T00:07:09.570+0900	INFO	Detecting ArchLinux vulnerabilities...
2022-01-17T00:07:09.573+0900	INFO	Number of language-specific files: 0

archlinux:latest (arch Arch Linux)
==================================
Total: 16 (UNKNOWN: 0, LOW: 1, MEDIUM: 5, HIGH: 6, CRITICAL: 4)

+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|  LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| cryptsetup | CVE-2016-4484    | MEDIUM   | 2.4.2-3           |               | dracut: Brute force attack on LUKS    |
|            |                  |          |                   |               | password decryption via initramfs     |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2016-4484  |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| glibc      | CVE-2021-33574   | CRITICAL | 2.33-5            |               | glibc: mq_notify does                 |
|            |                  |          |                   |               | not handle separately                 |
|            |                  |          |                   |               | allocated thread attributes           |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-33574 |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2021-35942   |          |                   |               | glibc: Arbitrary read in wordexp()    |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-35942 |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2020-29573   | HIGH     |                   |               | glibc: stack-based buffer overflow    |
|            |                  |          |                   |               | if the input to any of the printf...  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-29573 |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2021-38604   |          |                   |               | glibc: NULL pointer dereference in    |
|            |                  |          |                   |               | helper_thread() in mq_notify.c while  |
|            |                  |          |                   |               | handling NOTIFY_REMOVED messages...   |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-38604 |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2021-43396   |          |                   |               | glibc: conversion from                |
|            |                  |          |                   |               | ISO-2022-JP-3 with iconv may          |
|            |                  |          |                   |               | emit spurious NUL character on...     |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-43396 |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2021-27645   | LOW      |                   |               | glibc: Use-after-free in              |
|            |                  |          |                   |               | addgetnetgrentX function              |
|            |                  |          |                   |               | in netgroupcache.c                    |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| gmp        | CVE-2021-43618   | HIGH     | 6.2.1-1           |               | gmp: Integer overflow and resultant   |
|            |                  |          |                   |               | buffer overflow via crafted input     |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-43618 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| krb5       | CVE-2017-15088   | CRITICAL | 1.19.2-2          |               | krb5: Buffer overflow                 |
|            |                  |          |                   |               | in get_matching_data()                |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2017-15088 |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2021-37750   | MEDIUM   |                   |               | krb5: NULL pointer dereference        |
|            |                  |          |                   |               | in process_tgs_req() in               |
|            |                  |          |                   |               | kdc/do_tgs_req.c via a FAST inner...  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-37750 |
+------------+------------------+          +-------------------+---------------+---------------------------------------+
| libarchive | CVE-2021-36976   |          | 3.5.2-2           |               | libarchive: use-after-free            |
|            |                  |          |                   |               | in copy_string()                      |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-36976 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| ncurses    | CVE-2021-39537   | HIGH     | 6.3-1             |               | ncurses: heap-based buffer overflow   |
|            |                  |          |                   |               | in _nc_captoinfo() in captoinfo.c     |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| openssl    | CVE-2016-6309    | CRITICAL | 1.1.1.m-1         |               | openssl: Use After Free               |
|            |                  |          |                   |               | for large message sizes               |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2016-6309  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2021-4044    | HIGH     |                   |               | openssl: invalid handling             |
|            |                  |          |                   |               | of X509_verify_cert()                 |
|            |                  |          |                   |               | internal errors in libssl             |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-4044  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2016-7056    | MEDIUM   |                   |               | openssl: ECDSA P-256                  |
|            |                  |          |                   |               | timing attack key recovery            |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2016-7056  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2017-3737    |          |                   |               | openssl: Read/write after             |
|            |                  |          |                   |               | SSL object in error state             |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2017-3737  |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+

PRs

Need to merge the below PRs first

@github-actions

This PR is stale because it has been labeled with inactivity.

github-actions bot added the lifecycle/stale label on Nov 17, 2021
knqyf263 added the priority/important-longterm label and removed the lifecycle/stale label on Nov 17, 2021
MaineK00n changed the title from "[WIP] feat(arch): support Arch Linux" to "feat(arch): support Arch Linux" on Jan 16, 2022
@github-actions

This PR is stale because it has been labeled with inactivity.

github-actions bot added the lifecycle/stale label on May 22, 2023
github-actions bot closed this on Jun 11, 2023