[bitnami/mariadb-galera] CVE-2024-25062 Security Vulnerability found in libxml2 library #73481
Labels: mariadb-galera; tech-issues (The user has a technical issue about an application); triage (Triage is needed)
Name and Version
bitnami/mariadb-galera:11.5.2-debian-12-r2
What architecture are you using?
amd64
What steps will reproduce the bug?
Running a security scan will show CVE-2024-25062 in debian/libxml2:2.9.14+dfsg-1.3~deb12u1
What is the expected behavior?
High CVEs are not present in software
What do you see instead?
debian/libxml2:2.9.14+dfsg-1.3~deb12u1 has the CVE-2024-25062 vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2024-25062#range-13018875. The issue seems to be in their v2.12.x versions and earlier. I reviewed the library packages in the latest mariadb-galera image (which at the time of this ticket is 11.5.2-debian-12-r3) and I still see debian/libxml2:2.9.14+dfsg-1.3~deb12u1 being used. Request that this library be upgraded to at least 2.13.4, as this looks like the first version that no longer has this vulnerability. All prior versions seem to have the CVE.
Additional information
No response