Need upgraded version of below packages to resolve security vulnerabilities

Hi, we are currently using operator-sdk v1.39.0 as the base image to build our helm based operator. During our Security scan, we got below mentioned security vulnerabilities.


<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=ProgId content=Excel.Sheet>
<meta name=Generator content="Microsoft Excel 15">
<link id=Main-File rel=Main-File
href="file:///C:/Users/SIVANI~1/AppData/Local/Temp/msohtmlclip1/01/clip.htm">
<link rel=File-List
href="file:///C:/Users/SIVANI~1/AppData/Local/Temp/msohtmlclip1/01/clip_filelist.xml">


</head>

<body link="#467886" vlink="#96607D">


cve | package | current version | fixedIn
-- | -- | -- | --
CVE-2024-12797 | openssl-libs | 3.2.2-6.el9_5 | 3.2.2-6.el9_5.1
CVE-2019-12900 | bzip2-libs | 1.0.8-8.el9 | 1.0.8-8.el9_4.1
CVE-2020-11023 | libgcc | 11.5.0-2.el9 | 11.5.0-5.el9_5
CVE-2020-11023 | libstdc++ | 11.5.0-2.el9 | 11.5.0-5.el9_5



</body>

</html>



Could not find these versions even in the latest release- v1.39.1

Can we know by when the new version of operator-sdk will be released with the upgraded version of this package?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need upgraded version of below packages to resolve security vulnerabilities #6902

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

cve	package	current version	fixedIn
CVE-2024-12797	openssl-libs	3.2.2-6.el9_5	3.2.2-6.el9_5.1
CVE-2019-12900	bzip2-libs	1.0.8-8.el9	1.0.8-8.el9_4.1
CVE-2020-11023	libgcc	11.5.0-2.el9	11.5.0-5.el9_5
CVE-2020-11023	libstdc++	11.5.0-2.el9	11.5.0-5.el9_5

Need upgraded version of below packages to resolve security vulnerabilities #6902

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions