有人可以建议如何修复 Klar 使用 Clair 扫描仪为我的 Azure ACR 映像发现的漏洞。我对使用容器还是很陌生。
这是 Klar 的结果示例
Found in: apparmor [2.10.95-0ubuntu2.11]
Fixed By:
In all versions of AppArmor mount rules are accidentally widened when compiled.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1585
-----------------------------------------
CVE-2020-3810: [Medium]
Found in: apt [1.2.32]
Fixed By: 1.2.32ubuntu0.1
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-3810
-----------------------------------------
CVE-2018-11237: [Medium]
Found in: glibc [2.23-0ubuntu11]
Fixed By: 2.23-0ubuntu11.2
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11237
-----------------------------------------
CVE-2018-6485: [Medium]
Found in: glibc [2.23-0ubuntu11]
Fixed By: 2.23-0ubuntu11.2
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6485
-----------------------------------------
CVE-2017-18269: [Medium]
Found in: glibc [2.23-0ubuntu11]
Fixed By: 2.23-0ubuntu11.2
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-18269
-----------------------------------------
CVE-2020-1751: [Medium]
Found in: glibc [2.23-0ubuntu11]
Fixed By: 2.23-0ubuntu11.2
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-1751
-----------------------------------------```