Backport of Suppress redhat linux CVEs into release/1.20.x (#22029)

backport of commit b3e625765a Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-19 12:13:10 -05:00 · 2024-12-19 12:13:10 -05:00 · b453677e41
parent edebd4db67
commit b453677e41
2 changed files with 3 additions and 1 deletions
--- a/.changelog/22011.txt
+++ b/.changelog/22011.txt
@ -1,4 +1,4 @@
 ```release-note:security
-Update `registry.access.redhat.com/ubi9-minimal` image to 9.5 to address [CVE-2019-12900](https://nvd.nist.gov/vuln/detail/cve-2019-12900),[CVE-2024-3596](https://nvd.nist.gov/vuln/detail/CVE-2024-3596),[CVE-2024-2511](https://nvd.nist.gov/vuln/detail/CVE-2024-2511),[CVE-2024-26458](https://nvd.nist.gov/vuln/detail/CVE-2024-26458),[CVE-2024-4067](https://nvd.nist.gov/vuln/detail/CVE-2024-4067).
+Update `registry.access.redhat.com/ubi9-minimal` image to 9.5 to address [CVE-2024-3596](https://nvd.nist.gov/vuln/detail/CVE-2024-3596),[CVE-2024-2511](https://nvd.nist.gov/vuln/detail/CVE-2024-2511),[CVE-2024-26458](https://nvd.nist.gov/vuln/detail/CVE-2024-26458).
 ```

--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -37,6 +37,8 @@ container {
 	triage {
 		suppress {
 			vulnerabilities = [
+				"CVE-2024-4067", # libsolv@0:0.7.24-3.el9
+				"CVE-2019-12900" # bzip2-libs@0:1.0.8-8.el9
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",