[bitnami/mariadb-galera] CVE-2024-25062 Security Vulnerability found in libxml2 library #73481
Assignees
Labels
mariadb-galera
tech-issues
The user has a technical issue about an application
triage
Triage is needed
Comments
jpelletier412
added
the
tech-issues
|
Hi, You can check the status in the upstream debian CVE tracker https://security-tracker.debian.org/tracker/CVE-2024-25062 It seems that they marked the issue as minor. As soon as they release a fixed version we will update the images. |
javsalgar
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Name and Version
bitnami/mariadb-galera:11.5.2-debian-12-r2
What architecture are you using?
amd64
What steps will reproduce the bug?
Running a security scan will show CVE-2024-25062 in debian/libxml2:2.9.14+dfsg-1.3~deb12u1
What is the expected behavior?
High CVEs are not present in software
What do you see instead?
debian/libxml2:2.9.14+dfsg-1.3~deb12u1has CVE-2024-25062 vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2024-25062#range-13018875.The issue seems to be in their v2.12.x versions and earlier. I reviewed the library packages in the latest mariadb-galera image (which at time of this ticket is 11.5.2-debian-12-r3) and I still see debian/libxml2:2.9.14+dfsg-1.3~deb12u1being used. Request that this library be upgraded to at least 2.13.4 as this looks like the first version that no longer has this vulnerability. All prior versions seem to have the CVE.
Additional information
No response
The text was updated successfully, but these errors were encountered: