Please take cognisance of CVE-2023-29491 and solution a fix in quay.io/jaegertracing/jaeger-operator, quay.io/k8s-sidecar and quay.io/kiali/kiali-operator #312

Open
shrikant-rajappan opened this issue Nov 6, 2023 · 2 comments
Labels
stale close issues and PRs after 60 days of inactivity

Comments

@shrikant-rajappan

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491
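
The CVE text above applies only where a setuid application uses ncurses, so one way to gauge exposure is to list setuid ELF files in an unpacked image root filesystem that reference the ncurses libraries. This is an added example, not part of the original issue or the project's code; the function names are hypothetical, and the byte-string match on `libncurses`/`libtinfo` is a heuristic that misses statically linked binaries.

```python
import os
import stat
import sys

# Library name fragments found in an ELF file's dynamic string table when it
# is dynamically linked against ncurses (heuristic chosen for this example).
NCURSES_MARKERS = (b"libncurses", b"libtinfo")


def is_setuid_file(mode):
    """True for a regular file whose setuid bit is set."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)


def links_ncurses(path, limit=64 * 1024 * 1024):
    """Heuristic: ELF magic plus an ncurses library name in the file bytes."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(limit)
    except OSError:
        return False
    return data.startswith(b"\x7fELF") and any(m in data for m in NCURSES_MARKERS)


def exposed_binaries(root):
    """Return sorted paths under root that are setuid and reference ncurses."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue
            if is_setuid_file(mode) and links_ncurses(path):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check.py /path/to/unpacked/rootfs  (defaults to "/")
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    found = exposed_binaries(root)
    for path in found:
        print(path)
    print(f"{len(found)} setuid ELF file(s) referencing ncurses under {root}")
```

An empty result means no dynamically linked setuid consumer of ncurses was found under that root, which is the precondition the CVE description names.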

@shrikant-rajappan shrikant-rajappan changed the title Please take cognisance of CVE-2023-29491 and solution a fix for ncurses lib Please take cognisance of CVE-2023-29491 and solution a fix for ncurses lib in quay.io/k8s-sidecar and quay.io/kiali/kiali-operator Nov 6, 2023
@shrikant-rajappan shrikant-rajappan changed the title Please take cognisance of CVE-2023-29491 and solution a fix for ncurses lib in quay.io/k8s-sidecar and quay.io/kiali/kiali-operator Please take cognisance of CVE-2023-29491 and solution a fix in quay.io/jaegertracing/jaeger-operator, quay.io/k8s-sidecar and quay.io/kiali/kiali-operator Nov 6, 2023
@ChristianGeie
Collaborator

@shrikant-rajappan thanks for the report.

Do you have a way I can understand / reproduce the issue? My scan of the latest version k8s-sidecar:1.25.6 using trivy:latest shows no affected CVE.


This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.

@github-actions github-actions bot added the stale close issues and PRs after 60 days of inactivity label Sep 28, 2024