
Kafka Connect: Amazon vulnerability scan results

Open georgpet opened this issue 4 years ago • 2 comments

Hello,

I ran an Amazon vulnerability scan on the latest cp-kafka-connect image and got the following results:

Vulnerabilities: Critical 10 High 48 Medium 139 Low 139 Information 185 Undefined 11

Here's the list of Critical and High vulnerabilities:

| CVE | Package | Severity |
|---|---|---|
| CVE-2017-16997 | glibc:2.19-18+deb8u10 | CRITICAL |
| CVE-2016-4448 | libxml2:2.9.1+dfsg1-5+deb8u7 | CRITICAL |
| CVE-2019-19816 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-19813 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-14901 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-10220 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-15505 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-19814 | linux:3.16.76-1 | CRITICAL |
| CVE-2019-14896 | linux:3.16.76-1 | CRITICAL |
| CVE-2017-9725 | linux:3.16.76-1 | CRITICAL |
| CVE-2017-8421 | binutils:2.25-5+deb8u1 | HIGH |
| CVE-2019-5482 | curl:7.38.0-4+deb8u15 | HIGH |
| CVE-2019-18218 | file:1:5.22+15-2+deb8u5 | HIGH |
| CVE-2019-9169 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2017-1000409 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2018-6485 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2017-1000408 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2014-9761 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2018-1000001 | glibc:2.19-18+deb8u10 | HIGH |
| CVE-2016-2774 | isc-dhcp:4.3.1-6+deb8u3 | HIGH |
| CVE-2016-2090 | libbsd:0.7.0-2 | HIGH |
| CVE-2017-5972 | linux:3.16.76-1 | HIGH |
| CVE-2018-12931 | linux:3.16.76-1 | HIGH |
| CVE-2017-10663 | linux:3.16.76-1 | HIGH |
| CVE-2019-17666 | linux:3.16.76-1 | HIGH |
| CVE-2018-14613 | linux:3.16.76-1 | HIGH |
| CVE-2018-14614 | linux:3.16.76-1 | HIGH |
| CVE-2013-7445 | linux:3.16.76-1 | HIGH |
| CVE-2019-19062 | linux:3.16.76-1 | HIGH |
| CVE-2019-2213 | linux:3.16.76-1 | HIGH |
| CVE-2019-11487 | linux:3.16.76-1 | HIGH |
| CVE-2018-14612 | linux:3.16.76-1 | HIGH |
| CVE-2019-19073 | linux:3.16.76-1 | HIGH |
| CVE-2018-12930 | linux:3.16.76-1 | HIGH |
| CVE-2019-19066 | linux:3.16.76-1 | HIGH |
| CVE-2019-19052 | linux:3.16.76-1 | HIGH |
| CVE-2017-10662 | linux:3.16.76-1 | HIGH |
| CVE-2019-19056 | linux:3.16.76-1 | HIGH |
| CVE-2019-19051 | linux:3.16.76-1 | HIGH |
| CVE-2019-18675 | linux:3.16.76-1 | HIGH |
| CVE-2019-17133 | linux:3.16.76-1 | HIGH |
| CVE-2019-14895 | linux:3.16.76-1 | HIGH |
| CVE-2016-10764 | linux:3.16.76-1 | HIGH |
| CVE-2018-14610 | linux:3.16.76-1 | HIGH |
| CVE-2019-19815 | linux:3.16.76-1 | HIGH |
| CVE-2019-16746 | linux:3.16.76-1 | HIGH |
| CVE-2019-14897 | linux:3.16.76-1 | HIGH |
| CVE-2019-19074 | linux:3.16.76-1 | HIGH |
| CVE-2018-14611 | linux:3.16.76-1 | HIGH |
| CVE-2019-17075 | linux:3.16.76-1 | HIGH |
| CVE-2016-8858 | openssh:1:6.7p1-5+deb8u8 | HIGH |
| CVE-2018-6797 | perl:5.20.2-3+deb8u12 | HIGH |
| CVE-2017-12424 | shadow:1:4.2-3+deb8u4 | HIGH |
| CVE-2019-19603 | sqlite3:3.8.7.1-1+deb8u4 | HIGH |
| CVE-2019-8457 | sqlite3:3.8.7.1-1+deb8u4 | HIGH |
| CVE-2016-2779 | util-linux:2.25.2-6 | HIGH |
| CVE-2016-9841 | zlib:1:1.2.8.dfsg-2 | HIGH |
| CVE-2016-9843 | zlib:1:1.2.8.dfsg-2 | HIGH |

It looks like upgrading the base Debian image would significantly help.

Thanks and regards, Petros

georgpet avatar Jan 03 '20 09:01 georgpet
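To triage a list like the one above, here is an added Python example (not part of this issue or of the cp-docker-images project) that parses the flattened `CVE | package:version | SEVERITY` form the scanner output was pasted in, groups findings by Debian source package, and reads the `+debNuM` version suffix to show which Debian release line the packages come from. The sample input is a constructed subset of the findings quoted in the issue; the parser assumes the scanner emits exactly that three-field form.

```python
"""Parse flattened scanner output of the form 'CVE | package:version | SEVERITY'
and summarise findings per Debian source package.

Added example: not part of the original issue or the cp-docker-images project.
The sample below is a constructed subset of the findings quoted in the issue.
"""

import re
from collections import Counter, defaultdict

# Constructed sample, in the same one-line form the issue pasted.
SAMPLE = (
    "CVE-2017-16997 | glibc:2.19-18+deb8u10 | CRITICAL "
    "CVE-2016-4448 | libxml2:2.9.1+dfsg1-5+deb8u7 | CRITICAL "
    "CVE-2019-19816 | linux:3.16.76-1 | CRITICAL "
    "CVE-2019-19813 | linux:3.16.76-1 | CRITICAL "
    "CVE-2019-5482 | curl:7.38.0-4+deb8u15 | HIGH "
    "CVE-2019-9169 | glibc:2.19-18+deb8u10 | HIGH "
    "CVE-2017-5972 | linux:3.16.76-1 | HIGH "
    "CVE-2016-9841 | zlib:1:1.2.8.dfsg-2 | HIGH"
)

# The package name runs up to the first ':'; the version may itself contain
# ':' (a Debian epoch, e.g. zlib:1:1.2.8.dfsg-2), so it is everything up to
# the next whitespace or '|'.
FINDING_RE = re.compile(
    r"(CVE-\d{4}-\d{4,})\s*\|\s*([^|:\s]+):([^|\s]+)\s*\|\s*([A-Z]+)"
)

# A Debian stable-update suffix such as '+deb8u10' identifies the release line.
DEB_SUFFIX_RE = re.compile(r"\+deb(\d+)u\d+")


def parse_findings(text):
    """Return a list of (cve, package, version, severity) tuples."""
    return [m.groups() for m in FINDING_RE.finditer(text)]


def debian_release(version):
    """Return the Debian major release encoded in a '+debNuM' suffix, or None."""
    m = DEB_SUFFIX_RE.search(version)
    return int(m.group(1)) if m else None


def summarise_by_package(findings):
    """Map (package, version) -> Counter of severities."""
    summary = defaultdict(Counter)
    for _cve, pkg, ver, sev in findings:
        summary[(pkg, ver)][sev] += 1
    return dict(summary)


def packages_by_finding_count(findings):
    """(package, version) pairs ordered by number of findings, most first."""
    return Counter((pkg, ver) for _, pkg, ver, _ in findings).most_common()


def releases_present(findings):
    """Set of Debian releases inferred from the package version suffixes."""
    return {debian_release(ver) for _, _, ver, _ in findings} - {None}


if __name__ == "__main__":
    found = parse_findings(SAMPLE)
    print(f"{len(found)} findings; Debian releases seen: {sorted(releases_present(found))}")
    per_package = summarise_by_package(found)
    for (pkg, ver), count in packages_by_finding_count(found):
        print(f"{pkg:10} {ver:24} {count:3}  {dict(per_package[(pkg, ver)])}")
```

Run against the full list in the issue, the grouping shows that the `linux` and `glibc` source packages account for the large majority of the critical and high findings, and the `+deb8u` suffixes place the affected packages on the Debian 8 line, which is what the reporter's suggestion to upgrade the base image targets. One caveat when reading the `linux` rows: a container runs on the host's kernel, so findings a scanner attributes to the kernel source package come from whatever kernel-derived packages (such as headers) are installed in the image and need to be assessed separately from the userland packages.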

Duplicate #811, #637

OneCricketeer avatar Jan 05 '20 02:01 OneCricketeer

Thank you for raising this issue. Confluent Platform updates (including image upgrades) are made available on a quarterly cadence. The issues have been addressed at this point in time.

janjwerner-confluent avatar Sep 27 '22 16:09 janjwerner-confluent