Various Chromium Vulnerabilities in Python 3.11 images #1158

Open
lv-art opened this issue Aug 27, 2024 · 0 comments

lv-art commented Aug 27, 2024

Ran a Snyk scan in a container (customized base image with Chromium added) built today and came across several Chromium vulnerabilities. It looks like the most recent Chromium driver version from the Debian 11 packages is 120 and the bookworm version is 128. Is there any way to pull a more recent version? Perhaps updating the Python base images to Debian 12? Sample output from security test below:

```
✗ Critical severity vulnerability found in zlib/zlib1g-dev
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961
  Introduced through: mysql-defaults/[email protected], zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2
  From: mysql-defaults/[email protected] > mariadb-10.5/libmariadb-dev-compat@1:10.5.23-0+deb11u1 > mariadb-10.5/libmariadb-dev@1:10.5.23-0+deb11u1 > zlib/zlib1g-dev@1:1.2.11.dfsg-2+deb11u2
  From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2

✗ Critical severity vulnerability found in curl/libcurl4
  Description: Cleartext Transmission of Sensitive Information
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493
  Introduced through: [email protected]+deb11u12
  From: [email protected]+deb11u12 > curl/[email protected]+deb11u12
  From: [email protected]+deb11u12

✗ Critical severity vulnerability found in chromium/chromium-common
  Description: Integer Underflow
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CHROMIUM-6186491
  Introduced through: chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1 > chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1
  From: chromium/[email protected]~deb11u1

✗ Critical severity vulnerability found in chromium/chromium-common
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CHROMIUM-6230700
  Introduced through: chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1 > chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1
  From: chromium/[email protected]~deb11u1

✗ Critical severity vulnerability found in chromium/chromium-common
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CHROMIUM-6230704
  Introduced through: chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1 > chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1
  From: chromium/[email protected]~deb11u1

✗ Critical severity vulnerability found in chromium/chromium-common
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CHROMIUM-6828887
  Introduced through: chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1 > chromium/[email protected]~deb11u1
  From: chromium/[email protected]~deb11u1 > [email protected]~deb11u1
  From: chromium/[email protected]~deb11u1
```