You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When scanning an image built (today, for the first time) using FROM node:boron:
VULNERABLE PACKAGES FOUND
=========================
PACKAGE VULNERABILITIES CORRECTIVE ACTION
curl 1 Upgrade to curl 7.38.0-4+deb8u9
libxml2 1 Upgrade to libxml2 2.9.1+dfsg1-5+deb8u6
sensible-utils 1 Upgrade to sensible-utils 0.0.9+deb8u1
And to expand on them:
VULNERABLE PACKAGES FOUND
=========================
curl
Corrective action: Upgrade to curl 7.38.0-4+deb8u9
FIX SUMMARY OFFICIAL NOTICE CVE ID
- Two vulnerabilities were discovered in https://lists.debian.org/debian-security-announce/2018/msg00020.html CVE-2018-1000005,CVE-2018-1000007
cURL, an URL transfer library.
libxml2
Corrective action: Upgrade to libxml2 2.9.1+dfsg1-5+deb8u6
FIX SUMMARY OFFICIAL NOTICE CVE ID
- Nick Wellnhofer discovered that certain https://lists.debian.org/debian-security-announce/2018/msg00008.html CVE-2017-15412
function calls inside XPath
predicates
can lead to use-after-free and
double-free errors when
executed by
libxml2's XPath engine via an XSLT
transformation.
sensible-utils
Corrective action: Upgrade to sensible-utils 0.0.9+deb8u1
FIX SUMMARY OFFICIAL NOTICE CVE ID
- Gabriel Corona reported that https://lists.debian.org/debian-security-announce/2017/msg00334.html CVE-2017-17512
sensible-browser from sensible-utils,
a
collection of small utilities used to
sensibly select and spawn an
appropriate
browser, editor or pager, does not
validate strings before
launching the
program specified by the BROWSER
environment variable,
potentially
allowing a remote attacker to conduct
argument-injection
attacks if a user is
tricked into processing a specially
crafted URL.
The text was updated successfully, but these errors were encountered:
Is it planned to fix the following?
When scanning an image built (today, for the first time) using
FROM node:boron:And to expand on them:
The text was updated successfully, but these errors were encountered: