mirror of
https://github.com/linuxserver/cstate.git
synced 2026-02-20 07:55:25 +08:00
31 lines
6.1 KiB
XML
31 lines
6.1 KiB
XML
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><link rel="alternate" type="text/html" href="https://info.linuxserver.io"/><title>davos on Info :: LinuxServer.io</title><link>https://info.linuxserver.io/affected/davos/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>2021-12-13T15:00:00+00:00</lastBuildDate><updated>2021-12-13T15:00:00+00:00</updated><atom:link href="https://info.linuxserver.io/affected/davos/index.xml" rel="self" type="application/rss+xml"/><item><title>[Resolved] log4j Vulnerability</title><link>https://info.linuxserver.io/issues/2021-12-13-log4j/</link><pubDate>Mon, 13 Dec 2021 15:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2021-12-13-log4j/</guid><category>2022-02-18 18:00:00Z</category><description>Update At this time we have determined that all application/container updates or mitigations that we can reasonably provide have been actioned and as such are marking this issue as resolved.
|
|
Original Post Multiple vulnerabilities (CVE-2021-44228 and CVE-2021-45046) have been discovered in log4j which can lead to denial of service and remote code execution. The following Linuxserver containers have been confirmed not to be affected by CVE-2021-44228 or CVE-2021-45046 due to existing mitigations, upstream patches, or workarounds applied to the container images.</description><content type="html"><h3 id="update">Update</h3>
|
|
<p>At this time we have determined that all application/container updates or mitigations that we can reasonably provide have been actioned and as such are marking this issue as resolved.</p>
|
|
<h3 id="original-post">Original Post</h3>
|
|
<p>Multiple vulnerabilities (<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">CVE-2021-44228</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-45046">CVE-2021-45046</a>) have been discovered in log4j which can lead to denial of service and remote code execution. The following Linuxserver containers have been confirmed not to be affected by CVE-2021-44228 <em>or</em> CVE-2021-45046 due to existing mitigations, upstream patches, or workarounds applied to the container images.</p>
|
|
<p><strong>Please note these lists apply to the stated version tags and later <em>only</em>. If you are running older versions of the images they may still be vulnerable.</strong></p>
|
|
<ul>
|
|
<li><a href="https://github.com/linuxserver/docker-fleet">Fleet</a> - <code>version-2.3.2</code> and later (Workaround applied + upstream fix)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-airsonic">Airsonic</a> (No log4j-core in use)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-habridge">HABridge</a> (No log4j-core in use)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-unifi-controller">Unifi Controller</a> - <code>version-6.5.55</code> and later (Workaround applied + upstream fix)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-davos">Davos</a> <code>version-2.2.2</code> and later (Upstream fix)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-booksonic-air/">Booksonic Air</a> - <code>version-v2112.2.0</code> and later (Upstream fix)</li>
|
|
</ul>
|
|
<p>The following Linuxserver containers have been confirmed not to be affected by CVE-2021-44228 due to existing mitigations, upstream patches, or workarounds applied to the container images, but may still be vulnerable to CVE-2021-45046.</p>
|
|
<ul>
|
|
<li><a href="https://github.com/linuxserver/docker-unifi-controller">Unifi Controller</a> - <code>version-6.5.54</code> and later (Workaround applied + upstream fix)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-booksonic-air/">Booksonic Air</a> - <code>version-v2112.1.0</code> and later (Upstream fix)</li>
|
|
<li><a href="https://github.com/linuxserver/docker-nzbhydra2">nzbhydra2</a> - <code>version-v3.18.4</code> and later (Upstream fix)</li>
|
|
</ul>
|
|
<p>The following Linuxserver containers are known to be using a vulnerable version of log4j in their current versions and cannot be mitigated by us. This does not mean they are definitely exploitable, but they may be, especially if exposed to the internet.</p>
|
|
<ul>
|
|
<li><a href="https://github.com/linuxserver/docker-booksonic">Booksonic</a> (Deprecated)</li>
|
|
</ul>
|
|
<p>The following Linuxserver containers are unconfirmed as to their vulnerability status, but are Java-based and so may be using log4j in some capacity.</p>
|
|
<ul>
|
|
<li><a href="https://github.com/linuxserver/docker-ubooquity">Ubooquity</a></li>
|
|
</ul>
|
|
<p>We will update this post as more information becomes available.</p></content></item><item><title>New Container: Davos</title><link>https://info.linuxserver.io/issues/2016-11-18-davos/</link><pubDate>Fri, 18 Nov 2016 00:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2016-11-18-davos/</guid><category/><description>We have released a new container for Davos!
|
|
Davos is an FTP automation tool that periodically scans given host locations for new files. It can be configured for various purposes, including listening for specific files to appear in the host location, ready for it to download and then move, if required. It also supports completion notifications as well as downstream API calls, to further the workflow.</description><content type="html"><p>We have released a new container for <a href="https://github.com/linuxserver/docker-davos">Davos</a>!</p>
|
|
<p><a href="https://github.com/linuxserver/davos">Davos</a> is an FTP automation tool that periodically scans given host locations for new files. It can be configured for various purposes, including listening for specific files to appear in the host location, ready for it to download and then move, if required. It also supports completion notifications as well as downstream API calls, to further the workflow.</p></content></item></channel></rss> |