Skip to content

Update golang:1.23-bullseye Docker digest to bc1b90c (#152) #445

Update golang:1.23-bullseye Docker digest to bc1b90c (#152)

Update golang:1.23-bullseye Docker digest to bc1b90c (#152) #445

Triggered via push November 14, 2024 01:54
Status Success
Total duration 3m 58s
Artifacts

build-image.yml

on: push
Fit to window
Zoom out
Zoom in

Annotations

9 errors, 11 warnings, and 10 notices
build / build
CVE-2022-3715 - HIGH severity - bash: a heap-buffer-overflow in valid_parameter_transform vulnerability in bash
build / build
CVE-2019-8457 - CRITICAL severity - sqlite: heap out-of-bound read in function rtreenode() vulnerability in libdb5.3
build / build
CVE-2021-33560 - HIGH severity - libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm vulnerability in libgcrypt20
build / build
CVE-2024-10963 - HIGH severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules
build / build
CVE-2024-10963 - HIGH severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules-bin
build / build
CVE-2024-10963 - HIGH severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-runtime
build / build
CVE-2024-10963 - HIGH severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam0g
build / build
CVE-2022-4899 - HIGH severity - zstd: mysql: buffer overrun in util.c vulnerability in libzstd1
build / build
CVE-2023-45853 - CRITICAL severity - zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 vulnerability in zlib1g
build / build
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, docker/setup-qemu-action@v2, docker/setup-buildx-action@v2, docker/login-action@v2, docker/metadata-action@v4, crazy-max/ghaction-container-scan@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
build / build
CVE-2023-4806 - MEDIUM severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc-bin
build / build
CVE-2023-4813 - MEDIUM severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc-bin
build / build
CVE-2023-4806 - MEDIUM severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc6
build / build
CVE-2023-4813 - MEDIUM severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc6
build / build
CVE-2024-2236 - MEDIUM severity - libgcrypt: vulnerable to Marvin Attack vulnerability in libgcrypt20
build / build
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules
build / build
CVE-2024-22365 - MEDIUM severity - pam: allowing unprivileged user to block another user namespace vulnerability in libpam-modules
build / build
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules-bin
build / build
CVE-2024-22365 - MEDIUM severity - pam: allowing unprivileged user to block another user namespace vulnerability in libpam-modules-bin
build / build
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-runtime
build / build
CVE-2011-3374 - LOW severity - It was found that apt-key in apt, all versions, do not correctly valid ... vulnerability in apt
build / build
TEMP-0841856-B18BAF - LOW severity - [Privilege escalation possible to other user than root] vulnerability in bash
build / build
CVE-2022-0563 - LOW severity - util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline vulnerability in bsdutils
build / build
CVE-2016-2781 - LOW severity - coreutils: Non-privileged session can escape to the parent session in chroot vulnerability in coreutils
build / build
CVE-2017-18018 - LOW severity - coreutils: race condition vulnerability in chown and chgrp vulnerability in coreutils
build / build
CVE-2023-4039 - LOW severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-10-base
build / build
CVE-2023-4039 - LOW severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-9-base
build / build
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpgv
build / build
CVE-2011-3374 - LOW severity - It was found that apt-key in apt, all versions, do not correctly valid ... vulnerability in libapt-pkg6.0
build / build
CVE-2022-0563 - LOW severity - util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline vulnerability in libblkid1