openSUSE Security Update: Security update for trivy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10094-1
Rating:             moderate
References:         #1199760 
Cross-References:   CVE-2022-1996 CVE-2022-23648 CVE-2022-28946
                   
CVSS scores:
                    CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-28946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28946 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
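
   The NVD and SUSE scores above differ only in the metric values chosen (attack
   vector, complexity, privileges and user interaction), not in the formula. As
   an added example, not part of this advisory or of SUSE's tooling, the POSIX
   shell function below recomputes CVSS v3.1 base scores from vector strings with
   the equations from the CVSS v3.1 specification and checks the six rows listed
   above; the embedded score table is copied from this advisory.

```shell
#!/bin/sh
# Added example, not part of the openSUSE advisory: recompute CVSS v3.1 base
# scores from vector strings using the CVSS v3.1 specification formulas, then
# check the six (CVE, source, score, vector) rows copied from the advisory.

# cvss31_base VECTOR -> prints the base score with one decimal (e.g. "9.1")
cvss31_base() {
    printf '%s\n' "$1" | awk -F/ '
    BEGIN {
        AV["N"] = 0.85; AV["A"] = 0.62; AV["L"] = 0.55; AV["P"] = 0.20
        AC["L"] = 0.77; AC["H"] = 0.44
        UI["N"] = 0.85; UI["R"] = 0.62
        CIA["H"] = 0.56; CIA["L"] = 0.22; CIA["N"] = 0
    }
    function min(a, b) { return a < b ? a : b }
    # Roundup() from CVSS v3.1 section 7.5: round up to one decimal, working on
    # an integer scaled by 100000 so floating-point noise cannot change the result
    function roundup(x,  i) {
        i = int(x * 100000 + 0.5)
        if (i % 10000 == 0) return i / 100000
        return (int(i / 10000) + 1) / 10
    }
    {
        for (f = 1; f <= NF; f++) { split($f, kv, ":"); m[kv[1]] = kv[2] }
        changed = (m["S"] == "C")
        # Privileges Required weighs more when scope is changed
        if (m["PR"] == "N")      pr = 0.85
        else if (m["PR"] == "L") pr = changed ? 0.68 : 0.62
        else                     pr = changed ? 0.50 : 0.27
        iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
        if (changed) impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ^ 15
        else         impact = 6.42 * iss
        expl = 8.22 * AV[m["AV"]] * AC[m["AC"]] * pr * UI[m["UI"]]
        if (impact <= 0)  base = 0
        else if (changed) base = roundup(min(1.08 * (impact + expl), 10))
        else              base = roundup(min(impact + expl, 10))
        printf "%.1f\n", base
    }'
}

# Rows copied from the advisory header: CVE, scoring source, score, vector.
ADVISORY_SCORES='
CVE-2022-1996  NVD  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996  SUSE 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-23648 NVD  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23648 SUSE 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28946 NVD  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28946 SUSE 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
'

# verify_scores -> one line per row; exit status is the number of mismatches
verify_scores() {
    bad=0
    while read -r cve source expected vector; do
        [ -n "$cve" ] || continue
        got=$(cvss31_base "$vector")
        if [ "$got" = "$expected" ]; then
            printf 'ok       %s %-4s %s\n' "$cve" "$source" "$got"
        else
            printf 'MISMATCH %s %-4s advisory=%s computed=%s\n' "$cve" "$source" "$expected" "$got"
            bad=$((bad + 1))
        fi
    done <<EOF
$ADVISORY_SCORES
EOF
    return "$bad"
}

verify_scores
```

   The environmental and temporal metrics are deliberately left out: an advisory
   only carries base vectors, and any deployment-specific rescoring should be
   done against those vectors rather than against the rounded numbers.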

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for trivy fixes the following issues. The three CVEs are
   addressed at different points in the version range below: CVE-2022-23648 in
   0.26.0, by replacing the vendored containerd/containerd module (#1994);
   CVE-2022-28946 in 0.28.0 (boo#1199760); and CVE-2022-1996 in 0.30.1 (#2499).
   Because trivy is a Go program that compiles its dependencies into the
   binary, updating a system containerd package does not cover the first of
   these; the trivy package itself has to be updated.

   Update to version 0.30.4:

   * fix: remove the first arg when running as a plugin (#2595)
   * fix: k8s control plane scanning (#2593)
   * fix(vuln): GitLab report template (#2578)

   Update to version 0.30.3:

   * fix(server): use a new db worker for hot updates (#2581)
   * docs: add trivy with download-db-only flag to Air-Gapped Environment
     (#2583)
   * docs: split commands to download db for different versions of oras
     (#2582)
   * feat(report): export exitcode for license checks (#2564)
   * fix: cli can use lowercase for severities (#2565)
   * fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
   * fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
   * fix: enable some features of the wasm runtime (#2575)
   * fix(k8s): no error logged if trivy can't get docker image in kubernetes
     mode (#2521)
   * docs(sbom): improve sbom attestation documentation (#2566)

   Update to version 0.30.2:

   * fix(report): show the summary without results (#2548)
   * fix(cli): replace '-' to '_' for env vars (#2561)

   Update to version 0.30.1:

   * chore: remove a test repository (#2551)
   * fix(license): lazy loading of classifiers (#2547)
   * fix: CVE-2022-1996 in Trivy (#2499)
   * docs(sbom): add sbom attestation (#2527)
   * feat(rocky): set Rocky Linux 9 EOL (#2543)
   * docs: add attributes to the video tag to autoplay demo videos (#2538)
   * fix: yaml files with non-string chart name (#2534)
   * fix: skip dirs (#2530)
   * feat(repo): add support for branch, commit, & tag (#2494)
   * fix: remove auto configure environment variables via viper (#2526)

   Update to version 0.30.0:

   * fix: separating multiple licenses from one line in dpkg copyright files
     (#2508)
   * fix: change a capital letter for `plugin uninstall` subcommand (#2519)
   * fix: k8s hide empty report when scanning resource (#2517)
   * refactor: fix comments (#2516)
   * fix: scan vendor dir (#2515)
   * feat: Add support for license scanning (#2418)
   * chore: add owners for secret scanning (#2485)
   * fix: remove dependency-tree flag for image subcommand (#2492)
   * fix(k8s): add shorthand for k8s namespace flag (#2495)
   * docs: add information about using multiple servers to troubleshooting
     (#2498)
   * ci: add pushing canary build images to registries (#2428)
   * feat(dotnet): add support for .Net core .deps.json files (#2487)
   * feat(amazon): add support for 2022 version (#2429)
   * Type correction bitnami chart (#2415)
   * docs: add config file and update CLI references (#2489)
   * feat: add support for flag groups (#2488)
   * refactor: move from urfave/cli to spf13/cobra (#2458)
   * fix: Fix secrets output not containing file/lines (#2467)
   * fix: clear output with modules (#2478)
   * docs(cbl): distroless 1.0 supported (#2473)
   * fix: Fix example dockerfile rego policy (#2460)
   * fix(config): add helm to list of config analyzers (#2457)
   * feat: k8s resources scan (#2395)
   * feat(sbom): add cyclonedx sbom scan (#2203)
   * docs: remove links to removed content (#2431)
   * ci: added rpm build for rhel 9 (#2437)
   * fix(secret): remove space from asymmetric private key (#2434)
   * test(integration): fix golden files for debian 9 (#2435)
   * fix(cli): fix version string in docs link when secret scanning is
     enabled (#2422)
   * refactor: move CycloneDX marshaling (#2420)
   * docs(nodejs): add docs about pnpm support (#2423)
   * docs: improve k8s usage documentation (#2425)
   * feat: Make secrets scanning output consistent (#2410)
   * ci: create canary build after main branch changes  (#1638)
   * fix(misconf): skip broken scans (#2396)
   * feat(nodejs): add pnpm support (#2414)
   * fix: Fix false positive for use of COS images (#2413)
   * eliminate nerdctl dependency (#2412)
   * Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
   * fix(go): no cast to lowercase go package names (#2401)
   * BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
   * fix(server): hot update the db from custom repository (#2406)
   * feat: added license parser for dpkg (#2381)
   * fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key
     (#2400)
   * feat: extract stripe publishable and secret keys (#2392)
   * feat: rbac support k8s sub-command (#2339)
   * feat(ruby): drop platform strings from dependency versions bundled with
     bundler v2 (#2390)
   * docs: Updating README with new CLI command (#2359)
   * fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug
     (#2383)
   * chore: add integration label and merge security label (#2316)

   Update to version 0.29.2:

   * chore: skip Visual Studio Code project folder (#2379)
   * fix(helm): handle charts with templated names (#2374)
   * docs: redirect operator docs to trivy-operator repo (#2372)
   * fix(secret): use secret result when determining Failed status (#2370)
   * try removing libdb-dev
   * run integration tests in fanal
   * use same testing images in fanal
   * feat(helm): add support for trivy dbRepository (#2345)
   * fix: Fix failing test due to deref lint issue
   * test: Fix broken test
   * fix: Fix makefile when no previous named ref is visible in a shallow
     clone
   * chore: Fix linting issues in fanal
   * refactor: Fix fanal import paths and remove dotfiles

   Update to version 0.29.1:

   * fix(report): add required fields to the SARIF template (#2341)
   * chore: fix spelling errors (#2352)
   * Omit Remediation if PrimaryURL is empty (#2006)
   * docs(repo): Link to installation documentation in readme shows 404
     (#2348)
   * feat(alma): support for scanning of modular packages for AlmaLinux
     (#2347)

   Update to version 0.29.0:

   * fix(lang): fix dependency graph in client server mode (#2336)
   * feat: allow expiration date for .trivyignore entries (#2332)
   * feat(lang): add dependency origin graph (#1970)
   * docs: update nix installation info (#2331)
   * feat: add rbac scanning support (#2328)
   * refactor: move WordPress module to another repository (#2329)
   * ci: add support for ppc64le (#2281)
   * feat: add support for WASM modules (#2195)
   * feat(secret): show recommendation for slow scanning (#2051)
   * fix(flag): remove --clear-cache flag client mode (#2301)
   * fix(java): added check for looping for variable evaluation in pom file
     (#2322)
   * BREAKING(k8s): change CLI API (#2186)
   * feat(alpine): add Alpine Linux 3.16 (#2319)
   * ci: add `go mod tidy` check (#2314)
   * chore: run `go mod tidy` (#2313)
   * fix: do not exit if one resource is not found (#2311)
   * feat(cli): use stderr for all log messages (resolve #381) (#2289)
   * test: replace deprecated subcommand client in integration tests (#2308)
   * feat: add support for containerd (#2305)
   * fix(kubernetes): Support floats in manifest yaml (#2297)
   * docs(kubernetes): dead links (#2307)
   * chore: add license label (#2304)
   * feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
   * feat(helm): add pod annotations (#2272)
   * refactor: do not import defsec in fanal types package (#2292)
   * feat(report): Add misconfiguration support to ASFF report template
     (#2285)
   * test: use images in GHCR (#2275)
   * feat(helm): support pod annotations (#2265)
   * feat(misconf): Helm chart scanning (#2269)
   * docs: Update custom rego policy docs to reflect latest defsec/fanal
     changes (#2267)
   * fix: mask redis credentials when logging (#2264)
   * refactor: extract commands Runner interface (#2147)
   * docs: update operator release (#2263)
   * feat(redhat): added architecture check (#2172)
   * docs: updating links in the docs to work again (#2256)
   * docs: fix readme (#2251)
   * fix: fixed incorrect CycloneDX output format (#2255)
   * refactor(deps): move dependencies to package (#2189)
   * fix(report): change github format version to required (#2229)
   * docs: update readme (#2110)
   * docs: added information about choosing advisory database (#2212)
   * chore: update trivy-kubernetes (#2224)
   * docs: clarifying parts of the k8s docs and updating links (#2222)
   * fix(k8s): timeout error logging (#2179)
   * chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
   * feat(k8s): add --context flag (#2171)
   * fix(k8s): properly instantiate TableWriter (#2175)
   * test: fixed integration tests after updating testcontainers to v0.13.0
     (#2208)
   * chore: update labels (#2197)
   * fix(report): fixed panic if all misconf reports were removed in filter
     (#2188)
   * feat(k8s): scan secrets (#2178)
   * feat(report): GitHub Dependency Snapshots support (#1522)
   * feat(db): added insecure skip tls verify to download trivy db (#2140)
   * fix(redhat): always use vulns with fixed version if there is one (#2165)
   * chore(redhat): Add support for Red Hat UBI 9. (#2183)
   * fix(k8s): update trivy-kubernetes (#2163)
   * fix misconfig start line for code quality tpl (#2181)
   * fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
   * docs(vuln): Include GitLab 15.0 integration (#2153)
   * docs: fix the operator version (#2167)
   * fix(k8s): summary report when only vulns exist (#2146)
   * chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives
     in ksv038) (#2156)
   * perf(misconf): Improve performance when scanning very large files (#2152)
   * docs(misconf): Update examples and docs to refer to builtin/defsec
     instead of appshield (#2150)
   * chore(deps): Update fanal (for less verbose code in misconf results)
     (#2151)
   * docs: fixed installation instruction for rhel/centos (#2143)

   Update to version 0.28.0 (boo#1199760, CVE-2022-28946):

   * fix: remove Highlighted from json output (#2131)
   * fix: remove trivy-kubernetes replace (#2132)
   * docs: Add Operator docs under Kubernetes section (#2111)
   * fix(k8s): security-checks panic (#2127)
   * ci: added k8s scope (#2130)
   * docs: Update misconfig output in examples (#2128)
   * fix(misconf): Fix coloured output in Goland terminal (#2126)
   * docs(secret): Fix default value of --security-checks in docs (#2107)
   * refactor(report): move colorize function from trivy-db (#2122)
   * feat: k8s resource scanning (#2118)
   * chore: add CODEOWNERS (#2121)
   * feat(image): add `--server` option for remote scans (#1871)
   * refactor: k8s (#2116)
   * refactor: export useful APIs (#2108)
   * docs: fix k8s doc (#2114)
   * feat(kubernetes): Add report flag for summary (#2112)
   * fix: Remove problematic advanced rego policies (#2113)
   * feat(misconf): Add special output format for misconfigurations (#2100)
   * feat:  add k8s subcommand (#2065)
   * chore: fix make lint version (#2102)
   * fix(java): handle relative pom modules (#2101)
   * fix(misconf): Add missing links for non-rego misconfig results (#2094)
   * feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
   * chore(os): updated fanal version and alpine distroless test (#2086)
   * feat(report): add support for SPDX (#2059)
   * chore: app version 0.27.0 (#2046)
   * fix(misconf): added to skip conf files if their scanning is not enabled
     (#2066)
   * docs(secret): fix rule path in docs (#2061)
   * docs: change from go.sum to go.mod (#2056)

   Update to version 0.27.1:

   * refactor(fs): scanner options (#2050)
   * feat(secret): truncate long line (#2052)
   * docs: fix a broken bullets (#2042)
   * feat(ubuntu): add 22.04 approx eol date (#2044)
   * docs: update installation.md (#2027)
   * docs: add Containerfile (#2032)

   Update to version 0.27.0:

   * fix(go): fixed panic to scan gomod without version (#2038)
   * docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
   * feat(secret): support enable rules (#2035)
   * chore: app version 26.0 (#2030)
   * docs(secret): add a demo movie (#2031)
   * feat: support cache TTL in Redis (#2021)
   * fix(go): skip system installed binaries (#2028)
   * fix(go): check if go.sum is nil (#2029)
   * feat: add secret scanning (#1901)
   * chore: gh publish only with push the tag release (#2025)
   * fix(fs): ignore permission errors (#2022)
   * test(mod): using correct module inside test go.mod (#2020)
   * feat(server): re-add proxy support for client/server communications
     (#1995)
   * fix(report): truncate a description before escaping in ASFF template
     (#2004)
   * fix(cloudformation): correct margin removal for empty lines (#2002)
   * fix(template): correct check of old sarif template files (#2003)

   Update to version 0.26.0:

   * feat(alpine): warn mixing versions (#2000)
   * Update ASFF template (#1914)
   * chore(deps): replace `containerd/containerd` version to fix
     CVE-2022-23648 (#1994)
   * test(go): add integration tests for gomod (#1989)
   * fix(python): fixed panic when scan .egg archive (#1992)
   * fix(go): set correct go modules type (#1990)
   * feat(alpine): support apk repositories (#1987)
   * docs: add CBL-Mariner (#1982)
   * docs(go): fix version (#1986)
   * feat(go): support go.mod in Go 1.17+ (#1985)
   * ci: fix URLs in the PR template (#1972)
   * ci: add semantic pull requests check (#1968)
   * docs(issue): added docs for wrong detection issues (#1961)

   Update to version 0.25.4:

   * docs: move CONTRIBUTING.md to docs (#1971)
   * refactor(table): use file name instead package path (#1966)
   * fix(sbom): add --db-repository (#1964)
   * feat(table): add PkgPath in table result (#1960)
   * fix(pom): merge multiple pom imports in a good manner (#1959)

   Update to version 0.25.3:

   * fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands
     (#1956)
   * fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
   * fix(misconf): Update fanal/defsec to resolve missing metadata issues
     (#1947)
   * feat(jar): allow setting Maven Central URL using environment variable
     (#1939)
   * chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
   * chore(chart): remove version comments (#1933)

   Update to version 0.25.2:

   * fix(downloadDB): add flag to server command (#1942)

   Update to version 0.25.1:

   * fix(misconf): update defsec to resolve panics (#1935)
   * docs: restructure the documentation (#1887)
   * Add trivy horizontal logo (#1932)
   * feat(db): Add dbRepository flag to get advisory database from OCI
     registry (#1873)

   - BuildRequire go1.18, as upstream requires in go.mod

   Update to version 0.25.0:

   * docs(filter vulnerabilities): fix link (#1880)
   * feat(template): Add misconfigurations to gitlab codequality report (#1756)
   * fix(rpc): add PkgPath field to client / server mode (#1643)
   * fix(vulnerabilities): fixed trivy-db vulns (#1883)
   * feat(cache): remove temporary cache after filesystem scanning (#1868)
   * feat(sbom): add a dedicated sbom command (#1799)
   * feat(cyclonedx): add vulnerabilities (#1832)
   * fix(option): hide false warning about remote options (#1865)
   * feat(filesystem): scan in client/server mode (#1829)
   * refactor(template): remove unused test (#1861)
   * fix(cli): json format for trivy version (#1854)
   * docs: change URL for tfsec-checks (#1857)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-10094=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64):

      trivy-0.30.4-bp153.8.1
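
   As an added example, not part of this advisory or of SUSE's tooling, the
   POSIX shell script below compares the installed trivy RPM against the fixed
   build from the Package List above and prints the zypper command from the
   Patch Instructions when the host is still on an older build. The fallback
   version string is a constructed value used only when rpm is unavailable, and
   the version comparison handles openSUSE VERSION-RELEASE strings but is not a
   full rpmvercmp implementation.

```shell
#!/bin/sh
# Added example, not part of the openSUSE advisory: decide whether the trivy
# RPM on this host is older than the fixed build from the Package List and,
# if so, print the zypper command from the Patch Instructions.

FIXED_TRIVY="0.30.4-bp153.8.1"        # VERSION-RELEASE from the Package List
PATCH_NAME="openSUSE-2022-10094=1"    # patch name from the Patch Instructions
SAMPLE_INSTALLED="0.27.1-bp153.2.1"   # constructed value, used when rpm is unavailable

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# vercmp A B -> prints -1, 0 or 1 for A<B, A=B, A>B.
# Splits on "." and "-", compares numeric parts as integers and anything else
# (such as "bp153") as strings; enough for openSUSE VERSION-RELEASE strings,
# not a full rpmvercmp implementation.
vercmp() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ -n "$ca" ] || ca=0          # missing trailing component counts as 0
        [ -n "$cb" ] || cb=0
        if is_num "$ca" && is_num "$cb"; then
            if [ "$ca" -lt "$cb" ]; then printf '%s\n' -1; return 0; fi
            if [ "$ca" -gt "$cb" ]; then printf '%s\n' 1; return 0; fi
        elif [ "$ca" != "$cb" ]; then
            first=$(printf '%s\n%s\n' "$ca" "$cb" | sort | head -n 1)
            if [ "$first" = "$ca" ]; then printf '%s\n' -1; else printf '%s\n' 1; fi
            return 0
        fi
    done
    printf '%s\n' 0
}

# trivy_needs_update VERSION-RELEASE -> exit 0 when older than the fixed build
trivy_needs_update() {
    [ "$(vercmp "$1" "$FIXED_TRIVY")" -lt 0 ]
}

check_installed() {
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' trivy 2>/dev/null); then
        :
    else
        installed="$SAMPLE_INSTALLED"   # no rpm, or trivy not installed
    fi
    if trivy_needs_update "$installed"; then
        echo "trivy $installed predates $FIXED_TRIVY; apply the patch:"
        echo "  zypper in -t patch $PATCH_NAME"
    else
        echo "trivy $installed already contains the fixes from openSUSE-SU-2022:10094-1"
    fi
}

check_installed
```

   For fleet checks, call trivy_needs_update directly and use its exit status;
   the RPM version is the reliable signal here, since the vulnerable code is
   compiled into the trivy binary rather than loaded from a shared library.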


References:

   https://www.suse.com/security/cve/CVE-2022-1996.html
   https://www.suse.com/security/cve/CVE-2022-23648.html
   https://www.suse.com/security/cve/CVE-2022-28946.html
   https://bugzilla.suse.com/1199760

Published: August 20, 2022