enterprise-search/enterprise-search:7.11.1

Size

383.93 MB

Architecture

amd64

Created

2021-02-15

Pull command

docker pull docker.elastic.co/enterprise-search/enterprise-search:7.11.1

Vulnerability report

Critical

0 High

1 Medium

7 Low

0 Negligible

0 Unknown

0

High

CVE	Package	Version	Description
RHSA-2020:5476	openssl-libs	1:1.1.1g-11.el8	OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Reject certificates with explicit EC parameters in strict mode (BZ#1891541) * Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

Medium

CVE	Package	Version	Description
RHSA-2020:4654	python2-setuptools-wheel	39.0.1-12.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:4654	python2-libs	2.7.17-2.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:4654	python2-setuptools	39.0.1-12.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:4654	python2	2.7.17-2.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:4654	python2-pip-wheel	9.0.3-18.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:4654	python2-pip	9.0.3-18.module_el8.3.0+478+7570e00c	Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
RHSA-2020:5483	gnutls	3.6.14-6.el8	The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)