security: fix CVE-2022-1292 #954
Conversation
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aramase The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@aramase: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
Signed-off-by: Anish Ramasekar anish.ramasekar@gmail.com
What this PR does / why we need it:
e2e/driver:test-linux-amd64 (debian 11.3) Total: 1 (MEDIUM: 0, HIGH: 0, CRITICAL: 1) ┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ │ libssl1.1 │ CVE-2022-1292 │ CRITICAL │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ openssl: c_rehash script allows command injection │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ └───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #
Special notes for your reviewer:
TODOs: