Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability CVE-2021-3520 #9

Closed
MrRedHead opened this issue Dec 21, 2021 · 2 comments
Closed

Vulnerability CVE-2021-3520 #9

MrRedHead opened this issue Dec 21, 2021 · 2 comments
Assignees
@tyranron
Labels
CVE

Comments

@MrRedHead
Copy link

Trivy Vulnerability Scanner detects CVE-2021-3520 with score of 9.8 detected in latest (alpine3.15-r0) version.
https://avd.aquasec.com/nvd/cve-2021-3520/

Please update lz4-libs to version: 1.9.3-r1 or higher.
tyranron added a commit that referenced this issue Dec 21, 2021
@tyranron
Update Alpine packages to fix CVE-2021-3520 (#9)
244f921
@tyranron tyranron added the CVE label Dec 21, 2021
@tyranron tyranron self-assigned this Dec 21, 2021
@tyranron
Copy link
Member

tyranron commented Dec 21, 2021
edited
Loading

@MrRedHead thanks!

Should be fixed now:

$ docker run --rm --entrypoint sh instrumentisto/rsync-ssh:alpine3.15-r1 -c 'apk list | grep lz4'
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/community: No such file or directory
lz4-libs-1.9.3-r1 x86_64 {lz4} (BSD-2-Clause GPL-2.0-only) [installed]

@MrRedHead
Copy link
Author

Trivy shows no vulnerabilities... thanks for the quick fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tyranron tyranron

Labels
CVE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tyranron @MrRedHead