Scan results for 21.08.525

OpenSCAP and vulnerability scan report:
  • Prisma Cloud Compute release: 21.08 Update2 (21.08.525)
  • Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.4-205
  • Benchmark URL: scap-security-guide-0.1.57/ssg-rhel8-ds.xml
  • Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
  • Profile ID: xccdf_org.ssgproject.content_profile_stig
  • Compared to IronBank’s UBI8-minimal, Version 8.4, Build Date: 2021-11-22

twistlock/private:console_21_08_525

Findings for Prisma Cloud Compute Console.

OpenSCAP report

You can find the OpenSCAP report here
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy
Pass
Fail
/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue
Fail
Pass
Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214587
Fail
Pass
CVE-2021-42574 libgcc, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513
Fail
Pass
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 libsepol, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513
Fail
Pass
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214511
Fail
Pass
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214510
Fail
Pass
CVE-2020-24370 lua-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214489
Fail
Pass
CVE-2021-20266 rpm & rpm-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214451
Fail
Pass
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 gnutls, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214426
Fail
Pass
CVE-2019-17594 & CVE-2019-17595 ncurses-libs & ncurses-base, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214424
Fail
Pass
CVE-2021-23840 openssl & openssl-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214409
Fail
Pass
CVE-2021-33560 libgcrypt, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214387
Fail
Pass
CVE-2020-16135 libssh-config, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214386
Fail
Pass
CVE-2021-42574 libgcc, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214385
Fail
Pass
CVE-2021-28153 glib2, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214382
Fail
Pass
CVE-2020-12762 json-c, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214374
Fail
Pass
CVE-2019-18218 file-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214373
Fail
Pass
CVE-2020-14155 & CVE-2019-20838 pcre, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214358
Fail
Pass
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 glibc & glibc-common & glibc-minimal-langpack, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214151
Fail
Pass
CVE-2021-42771 & CVE-2021-23336 & CVE-2021-27291 & CVE-2020-28493 & CVE-2021-20270 & CVE-2021-28957 python2, to be patched in the next release (Joule).

Vulnerabilities full report

You can find the full vulnerabilities report here.
CVE
Package
Version
Fix Status
Justification
CVE-2019-17594 & CVE-2019-17595
ncurses-libs & ncurses-base
6.1-7.20180224.el8
To be patched in next release, Joule
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645
glibc & glibc-common & glibc-minimal-langpack
2.28-151.el8
To be patched in next release, Joule
CVE-2021-23840
openssl & openssl-libs
1.1.1g-15.el8_3
To be patched in next release, Joule
CVE-2021-20231 & CVE-2021-20232
nettle
3.4.1-4.el8_3
To be patched in next release, Joule
CVE-2019-18218
file-libs
5.33-16.el8_3.1
To be patched in next release, Joule
CVE-2020-12762
json-c
0.13.1-0.4.el8
To be patched in next release, Joule
CVE-2021-20266
rpm & rpm-libs
4.14.3-14.el8_4
To be patched in next release, Joule
CVE-2021-28153
glib2
2.56.4-10.el8_4.1
To be patched in next release, Joule
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876
libcurl
7.61.1-18.el8_4.2
To be patched in next release, Joule
CVE-2021-42574
libgcc
8.4.1-1.el8
To be patched in next release, Joule
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087
libsepol
2.9-2.el8
To be patched in next release, Joule
CVE-2021-33560
libgcrypt
1.8.5-4.el8
To be patched in next release, Joule
CVE-2020-24370
lua-libs
5.3.4-11.el8
To be patched in next release, Joule
CVE-2020-14155 & CVE-2019-20838
pcre
8.42-4.el8
To be patched in next release, Joule
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232
gnutls
3.6.14-8.el8_3
To be patched in next release, Joule
CVE-2021-42574
libstdc++
8.4.1-1.el8
To be patched in next release, Joule
CVE-2020-16135
libssh-config
0.9.4-2.el8
To be patched in next release, Joule
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876
curl
7.61.1-18.el8_4.2
To be patched in next release, Joule
CVE-2021-42771 & CVE-2021-23336 & CVE-2021-27291 & CVE-2020-28493 & CVE-2021-20270 & CVE-2021-28957
python2
2.7.18-4.module+el8.4.0+9577+0b56c8de
To be patched in next release, Joule

twistlock/private:defender_21_08_525

Findings for Prisma Cloud Compute Defender.

OpenSCAP report

You can find the OpenSCAP report here.
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy
Pass
Fail
/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue
Fail
Pass
Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214587
Fail
Pass
CVE-2021-42574 libgcc, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513
Fail
Pass
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 libsepol, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513
Fail
Pass
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214511
Fail
Pass
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214510
Fail
Pass
CVE-2020-24370 lua-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214489
Fail
Pass
CVE-2021-20266 rpm & rpm-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214451
Fail
Pass
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 gnutls, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214426
Fail
Pass
CVE-2019-17594 & CVE-2019-17595 ncurses-libs & ncurses-base, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214424
Fail
Pass
CVE-2021-23840 openssl & openssl-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214409
Fail
Pass
CVE-2021-33560 libgcrypt, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214387
Fail
Pass
CVE-2020-16135 libssh-config, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214386
Fail
Pass
CVE-2021-42574 libgcc, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214385
Fail
Pass
CVE-2021-28153 glib2, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214382
Fail
Pass
CVE-2020-12762 json-c, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214374
Fail
Pass
CVE-2019-18218 file-libs, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214373
Fail
Pass
CVE-2020-14155 & CVE-2019-20838 pcre, to be patched in the next release (Joule).
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214358
Fail
Pass
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 glibc & glibc-common & glibc-minimal-langpack, to be patched in the next release (Joule).

Vulnerabilities full report

You can find the full vulnerabilities report here.
CVE
Package
Version
Fix Status
Justification
CVE-2019-17594 & CVE-2019-17595
ncurses-libs & ncurses-base
6.1-7.20180224.el8
To be patched in next release, Joule
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645
glibc & glibc-common & glibc-minimal-langpack
2.28-151.el8
To be patched in next release, Joule
CVE-2021-23840
openssl & openssl-libs
1.1.1g-15.el8_3
To be patched in next release, Joule
CVE-2021-20231 & CVE-2021-20232
nettle
3.4.1-4.el8_3
To be patched in next release, Joule
CVE-2019-18218
file-libs
5.33-16.el8_3.1
To be patched in next release, Joule
CVE-2020-12762
json-c
0.13.1-0.4.el8
To be patched in next release, Joule
CVE-2021-20266
rpm & rpm-libs
4.14.3-14.el8_4
To be patched in next release, Joule
CVE-2021-28153
glib2
2.56.4-10.el8_4.1
To be patched in next release, Joule
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876
libcurl
7.61.1-18.el8_4.2
To be patched in next release, Joule
CVE-2021-42574
libgcc
8.4.1-1.el8
To be patched in next release, Joule
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087
libsepol
2.9-2.el8
To be patched in next release, Joule
CVE-2021-33560
libgcrypt
1.8.5-4.el8
To be patched in next release, Joule
CVE-2020-24370
lua-libs
5.3.4-11.el8
To be patched in next release, Joule
CVE-2020-14155 & CVE-2019-20838
pcre
8.42-4.el8
To be patched in next release, Joule
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232
gnutls
3.6.14-8.el8_3
To be patched in next release, Joule
CVE-2021-42574
libstdc++
8.4.1-1.el8
To be patched in next release, Joule
CVE-2020-16135
libssh-config
0.9.4-2.el8
To be patched in next release, Joule
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876
curl
7.61.1-18.el8_4.2
To be patched in next release, Joule

Recommended For You