Updated RH8 packages and .trivyignore file with security patches

alishamayor · alishamayor · commit 13e7039a0790 · 2021-05-12T07:31:33.000-07:00
diff --git a/.trivyignore b/.trivyignore
@@ -2,3 +2,24 @@
 # /usr/lib/python3.7/site-packages/ansible_collections/netbox/netbox/poetry.lock
 CVE-2020-36242
 CVE-2020-14343
+
+# Downgraded to LOW severity by the Product Security team as the packages are not actually
+# shipped with the release.
+# SPL-203200
+CVE-2021-28092
+# SPL-203205
+CVE-2021-27290
+# SPL-196809
+CVE-2018-11777
+CVE-2016-3083
+CVE-2015-7521
+CVE-2016-3083
+
+# Marked as fixed in the next Splunk release
+CVE-2021-23358
+CVE-2020-25649
+
+# Fixed by Apache Spark in versions 3.0.3, 3.1.2, 3.2.0
+CVE-2020-27216
+CVE-2021-28165
+CVE-2020-27216
diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh
@@ -29,7 +29,7 @@ export LANG=en_US.utf8
 microdnf -y --nodocs install wget sudo shadow-utils procps tar tzdata make gcc \
                              openssl-devel bzip2-devel libffi-devel findutils
 # Patch security updates
-microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata
+microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata nettle
 
 # Install Python and necessary packages
 PY_SHORT=${PYTHON_VERSION%.*}
