Our resource scan found these two CVEs in the calico-node v3.28.2 image: CVE-2024-5535, CVE-2019-12900.
I see that the UBI_VERSION for v3.29.2 is still 8.10, so the problematic packages are still on the impacted versions. https://github.com/projectcalico/calico/blob/v3.29.2/metadata.mk
Do you plan to update it?
https://access.redhat.com/errata/RHSA-2024:7848
https://access.redhat.com/errata/RHSA-2024:8922
The impacted packages: bzip2, openssl.
CVE-2019-12900: Upgrade bzip2-libs to >= 0:1.0.6-27.el8_10
CVE-2024-5535: Upgrade openssl-libs to >= 1:1.1.1k-14.el8_6
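One way to confirm whether an image still ships packages below the fixed versions quoted above, as an added example that is not part of the original issue or the Calico project's code. It uses a simplified RPM version comparison (no `~` or `^` handling); the function names are hypothetical and the sample package list is constructed.

```python
import re

# Minimum fixed versions quoted in the issue (epoch:version-release).
FIXED = {"bzip2-libs": "0:1.0.6-27.el8_10", "openssl-libs": "1:1.1.1k-14.el8_6"}

# Constructed sample, in the format produced inside the image by:
#   rpm -qa --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n'
SAMPLE = """\
bzip2-libs 0:1.0.6-26.el8
openssl-libs 1:1.1.1k-12.el8_9
zlib 0:1.2.11-25.el8
"""

def _segcmp(a, b):
    """Compare two version or release strings segment by segment (rpmvercmp style)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1          # a numeric segment is newer than an alphabetic one
        if xd:
            x, y = int(x), int(y)           # numeric compare, so 9 < 14
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Return -1, 0 or 1 for epoch:version-release strings a and b."""
    def parse(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = parse(a), parse(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _segcmp(va, vb) or _segcmp(ra, rb)

def below_fixed(rpm_lines, fixed=FIXED):
    """Return (name, installed, fixed) for each tracked package older than its fix."""
    findings = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed and evr_cmp(parts[1], fixed[parts[0]]) < 0:
            findings.append((parts[0], parts[1], fixed[parts[0]]))
    return findings

if __name__ == "__main__":
    for name, have, need in below_fixed(SAMPLE):
        print(f"{name}: installed {have} < fixed {need}")
```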