openSUSE-SU-2022:10022-1

Import Source: https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10022-1.json
JSON Data: https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10022-1
Published: 2022-06-21T16:01:17Z
Modified: 2022-06-21T16:01:17Z
Summary: Security update for trivy
Details

This update for trivy fixes the following issues:

trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):

  • fix: remove Highlighted from json output (#2131)
  • fix: remove trivy-kubernetes replace (#2132)
  • docs: Add Operator docs under Kubernetes section (#2111)
  • fix(k8s): security-checks panic (#2127)
  • ci: added k8s scope (#2130)
  • docs: Update misconfig output in examples (#2128)
  • fix(misconf): Fix coloured output in Goland terminal (#2126)
  • docs(secret): Fix default value of --security-checks in docs (#2107)
  • refactor(report): move colorize function from trivy-db (#2122)
  • feat: k8s resource scanning (#2118)
  • chore: add CODEOWNERS (#2121)
  • feat(image): add --server option for remote scans (#1871)
  • refactor: k8s (#2116)
  • refactor: export useful APIs (#2108)
  • docs: fix k8s doc (#2114)
  • feat(kubernetes): Add report flag for summary (#2112)
  • fix: Remove problematic advanced rego policies (#2113)
  • feat(misconf): Add special output format for misconfigurations (#2100)
  • feat: add k8s subcommand (#2065)
  • chore: fix make lint version (#2102)
  • fix(java): handle relative pom modules (#2101)
  • fix(misconf): Add missing links for non-rego misconfig results (#2094)
  • feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
  • chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
  • chore(deps): bump github.com/twitchtv/twirp (#2077)
  • chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
  • chore(os): updated fanal version and alpine distroless test (#2086)
  • chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)
  • chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
  • feat(report): add support for SPDX (#2059)
  • chore(deps): bump actions/setup-go from 2 to 3 (#2073)
  • chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
  • chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
  • chore(deps): bump actions/stale from 4 to 5 (#2070)
  • chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
  • chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)
  • chore: app version 0.27.0 (#2046)
  • fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
  • docs(secret) fix rule path in docs (#2061)
  • docs: change from go.sum to go.mod (#2056)

Update to version 0.27.1:

  • chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)
  • refactor(fs): scanner options (#2050)
  • feat(secret): truncate long line (#2052)
  • docs: fix a broken bullets (#2042)
  • feat(ubuntu): add 22.04 approx eol date (#2044)
  • docs: update installation.md (#2027)
  • docs: add Containerfile (#2032)

Update to version 0.27.0:

  • fix(go): fixed panic to scan gomod without version (#2038)
  • docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
  • feat(secret): support enable rules (#2035)
  • chore: app version 26.0 (#2030)
  • docs(secret): add a demo movie (#2031)
  • feat: support cache TTL in Redis (#2021)
  • fix(go): skip system installed binaries (#2028)
  • fix(go): check if go.sum is nil (#2029)
  • feat: add secret scanning (#1901)
  • chore: gh publish only with push the tag release (#2025)
  • fix(fs): ignore permission errors (#2022)
  • test(mod): using correct module inside test go.mod (#2020)
  • feat(server): re-add proxy support for client/server communications (#1995)
  • fix(report): truncate a description before escaping in ASFF template (#2004)
  • fix(cloudformation): correct margin removal for empty lines (#2002)
  • fix(template): correct check of old sarif template files (#2003)

Update to version 0.26.0:

  • feat(alpine): warn mixing versions (#2000)
  • Update ASFF template (#1914)
  • chore(deps): replace containerd/containerd version to fix CVE-2022-23648 (#1994)
  • chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
  • test(go): add integration tests for gomod (#1989)
  • fix(python): fixed panic when scan .egg archive (#1992)
  • fix(go): set correct go modules type (#1990)
  • feat(alpine): support apk repositories (#1987)
  • docs: add CBL-Mariner (#1982)
  • docs(go): fix version (#1986)
  • feat(go): support go.mod in Go 1.17+ (#1985)
  • ci: fix URLs in the PR template (#1972)
  • ci: add semantic pull requests check (#1968)
  • docs(issue): added docs for wrong detection issues (#1961)

Update to version 0.25.4:

  • docs: move CONTRIBUTING.md to docs (#1971)
  • refactor(table): use file name instead package path (#1966)
  • fix(sbom): add --db-repository (#1964)
  • feat(table): add PkgPath in table result (#1960)
  • fix(pom): merge multiple pom imports in a good manner (#1959)

Update to version 0.25.3:

  • fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
  • fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
  • fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
  • feat(jar): allow setting Maven Central URL using environment variable (#1939)
  • chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
  • chore(chart): remove version comments (#1933)

Update to version 0.25.2:

  • fix(downloadDB): add flag to server command (#1942)

Update to version 0.25.1:

  • fix(misconf): update defsec to resolve panics (#1935)
  • chore(deps): bump github.com/docker/docker (#1924)
  • docs: restructure the documentation (#1887)
  • chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
  • chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
  • chore(deps): bump actions/checkout from 2 to 3 (#1916)
  • chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)
  • chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
  • chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
  • chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
  • Add trivy horizontal logo (#1932)
  • chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
  • chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)
  • chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
  • feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)

Update to version 0.25.0:

  • docs(filter vulnerabilities): fix link (#1880)
  • feat(template) Add misconfigurations to gitlab codequality report (#1756)
  • fix(rpc): add PkgPath field to client / server mode (#1643)
  • fix(vulnerabilities): fixed trivy-db vulns (#1883)
  • feat(cache): remove temporary cache after filesystem scanning (#1868)
  • feat(sbom): add a dedicated sbom command (#1799)
  • feat(cyclonedx): add vulnerabilities (#1832)
  • fix(option): hide false warning about remote options (#1865)
  • chore: bump up Go to 1.18 (#1862)
  • feat(filesystem): scan in client/server mode (#1829)
  • refactor(template): remove unused test (#1861)
  • fix(cli): json format for trivy version (#1854)
  • docs: change URL for tfsec-checks (#1857)
References

Affected packages

SUSE:Package Hub 15 SP4 / trivy

Package
  Name: trivy
  Purl: purl:rpm/suse/trivy&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (unknown introduced version; all previous versions are affected)
    Fixed: 0.28.0-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "trivy": "0.28.0-bp154.2.3.1"
        }
    ]
}

openSUSE:Leap 15.4 / trivy

Package
  Name: trivy
  Purl: purl:rpm/suse/trivy&distro=openSUSE%20Leap%2015.4

Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (unknown introduced version; all previous versions are affected)
    Fixed: 0.28.0-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "trivy": "0.28.0-bp154.2.3.1"
        }
    ]
}