
openSUSE: 2022:10094-1 Moderate: Security Risks Fixed in Trivy

August 20, 2022
openSUSE update for trivy, rated moderate, that addresses several security issues.
An update that fixes three vulnerabilities is now available.

Description

This update for trivy fixes the following issues:

Update to version 0.30.4:

* fix: remove the first arg when running as a plugin (#2595)

* fix: k8s controlplaner scanning (#2593)

* fix(vuln): GitLab report template (#2578)

Update to version 0.30.3:

* fix(server): use a new db worker for hot updates (#2581)

* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)

* docs: split commands to download db for different versions of oras (#2582)

* feat(report): export exitcode for license checks (#2564)

* fix: cli can use lowercase for severities (#2565)

* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)

* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)

* fix: enable some features of the wasm runtime (#2575)

* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)

* docs(sbom): improve sbom attestation documentation (#2566)

Update to...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10094=1

Package List

- openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64):

trivy-0.30.4-bp153.8.1
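
To confirm that a host has the fixed build from the package list above, the following added example (not part of the original advisory) classifies the installed trivy package. The function names are hypothetical, the older and newer version strings in the comments are constructed samples, and GNU `sort -V` is assumed to be an adequate stand-in for RPM's own version ordering for trivy's plain numeric versions.

```shell
#!/bin/sh
# Fixed build taken from the advisory's Package List.
FIXED_EVR="0.30.4-bp153.8.1"

# is_fixed EVR
# Returns 0 when the version-release string EVR is at or above FIXED_EVR.
# Assumption: sort -V approximates RPM ordering here; it is not a full
# rpmvercmp and ignores epochs.
is_fixed() {
    if [ "$1" = "$FIXED_EVR" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# trivy_status [EVR]
# With no argument, queries the local RPM database for trivy.
# With an argument, classifies that string instead (useful for inventory
# exports or testing), e.g. the constructed sample "0.30.2-bp153.5.1".
# Prints one of: "not-installed", "fixed <evr>", "vulnerable <evr>".
# Exit status: 0 fixed, 1 vulnerable, 2 not installed.
trivy_status() {
    if [ -n "$1" ]; then
        evr=$1
    elif ! evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' trivy 2>/dev/null); then
        echo "not-installed"
        return 2
    fi
    if is_fixed "$evr"; then
        echo "fixed $evr"
        return 0
    fi
    echo "vulnerable $evr"
    return 1
}
```

Sourcing the file and calling `trivy_status` with no argument on an openSUSE Backports SLE-15-SP3 host reports whether `zypper in -t patch openSUSE-2022-10094=1` still needs to be run.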

References

https://www.suse.com/security/cve/CVE-2022-1996.html

https://www.suse.com/security/cve/CVE-2022-23648.html

https://www.suse.com/security/cve/CVE-2022-28946.html

https://bugzilla.suse.com/1199760

Announcement ID: openSUSE-SU-2022:10094-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP3
