From b7291a1a5525c8cbeb8754d5c30105dd0978d6de Mon Sep 17 00:00:00 2001 From: Vitaly Date: Tue, 24 Feb 2026 23:12:51 -0800 Subject: [PATCH 1/2] update security vulnerabilities list based on the latest reports --- README.md | 57 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index fed6fc19..46aeb030 100644 --- a/README.md +++ b/README.md 
@@ -1067,21 +1067,52 @@ Where is calculated as described in the [Configuring HugePages](https://github.c 2. Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: [https://docs.marklogic.com/REST/DELETE/admin/v1/host-config](https://docs.marklogic.com/REST/DELETE/admin/v1/host-config). 3. Rejoining a node to a cluster, that had previously left that cluster, may not succeed. 4. MarkLogic Server will default to the UTC timezone. -5. The latest released version of RedHat UBI images have known security vulnerabilities. - - curl (CVE-2016-5420, CVE-2016-5419, CVE-2016-5421, CVE-2017-3604, CVE-2016-3418, CVE-2017-3605, CVE-2016-0694, CVE-2017-3607, CVE-2017-3608, CVE-2017-3606, CVE-2016-0689, CVE-2017-3609, CVE-2016-0692, CVE-2016-0682, CVE-2016-5420, CVE-2016-5419, CVE-2016-5421, CVE-2023-28322) - - elfutils (CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615) - - gawk (CVE-2017-3616) - - gdb (CVE-2017-3617) - - glib/glibc (CVE-2016-5420, CVE-2016-5421, CVE-2016-5419, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2019-12450, CVE-2020-6096) +5. The latest released version of RedHat UBI and UBI9 images have known security vulnerabilities. 
+ - boost-regex (CVE-2016-9840) + - cpio (CVE-2023-7207, CVE-2023-7216) + - curl (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) + - curl-minimal (CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-11053, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) + - dbus (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2023-34969) + - gawk (CVE-2023-4156) + - glib2 (CVE-2019-13012, CVE-2020-35457, CVE-2021-27218, CVE-2021-27219, CVE-2023-29499, CVE-2023-32611, CVE-2023-32665, CVE-2024-34397, CVE-2024-52533, CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2025-4056, CVE-2025-4373) + - glibc (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, 
CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, CVE-2026-0861, CVE-2026-0915) + - glibc-common (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, CVE-2026-0861, CVE-2026-0915) + - glibc-minimal-langpack (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, CVE-2026-0861, CVE-2026-0915) + - gnupg2 (CVE-2022-3219, CVE-2022-34903, CVE-2025-68972, CVE-2025-68973) + - gnupg2-smime (CVE-2022-3219, CVE-2022-34903, CVE-2025-68972, CVE-2025-68973) + - gnutls (CVE-2021-4209, CVE-2022-2509, CVE-2024-0553, CVE-2025-32988, CVE-2025-32990) + - libblkid (CVE-2022-0563, CVE-2024-28085) - libcap (CVE-2023-2603) - - libdb-utils (CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, CVE-2016-3418, CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2015-2583, CVE-2015-2626, 
CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-2624, CVE-2015-4784, CVE-2015-4787, CVE-2015-4789, CVE-2015-4785, CVE-2015-4786, CVE-2015-4783, CVE-2015-4764, CVE-2015-4780, CVE-2015-4790, CVE-2015-4776, CVE-2015-4775, CVE-2015-4778, CVE-2015-4777, CVE-2015-4782, CVE-2015-4781, CVE-2015-4774) - - libcroco (CVE-2017-8871) + - libcroco (CVE-2017-7960, CVE-2017-7961, CVE-2017-8834, CVE-2017-8871) + - libcurl (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) + - libcurl-minimal (CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-11053, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) + - libdb-utils (CVE-2015-2583, CVE-2015-2624, 
CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4774, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4779, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4788, CVE-2015-4789, CVE-2015-4790, CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, CVE-2016-3418, CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2020-2981) + - libfdisk (CVE-2022-0563, CVE-2024-28085) + - libgcrypt (CVE-2024-2236) + - libgomp (CVE-2021-37322, CVE-2023-4039) - libksba (CVE-2022-3515, CVE-2022-47629) - - libssh (CVE-2023-6004) - - libxml2 (CVE-2022-23308) - - nspr (CVE-2016-1951) - - pam (CVE-2022-28321) - - systemd (CVE-2020-13776) + - libmount (CVE-2022-0563, CVE-2024-28085) + - libsmartcols (CVE-2022-0563, CVE-2024-28085) + - libssh (CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918, CVE-2025-5318, CVE-2025-5372, CVE-2025-8114) + - libtasn1 (CVE-2018-1000654, CVE-2021-46848) + - libtirpc (CVE-2021-46828) + - libuuid (CVE-2022-0563, CVE-2024-28085) + - libxml2 (CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-45322, CVE-2024-25062, CVE-2024-34459, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-6021, CVE-2025-9714) + - libzstd (CVE-2021-24032) + - ncurses-base (CVE-2019-17594, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537) + - openldap (CVE-2015-3276, CVE-2020-15719) + - openssl-fips-provider (CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, 
CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) + - openssl-fips-provider-so (CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727, CVE-2024-6119, CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) + - pam (CVE-2022-28321, CVE-2024-10041, CVE-2024-22365, CVE-2025-6020, CVE-2025-8941) + - pcre2 (CVE-2022-41409) + - pcre2-syntax (CVE-2022-41409) + - postfix (CVE-2023-51764) + - rpm (CVE-2021-3421, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939) + - rpm-libs (CVE-2021-3421, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939) + - sudo (CVE-2022-43995, CVE-2023-22809, CVE-2023-42465, CVE-2025-32462) + - systemd (CVE-2018-15686, CVE-2018-15687, CVE-2018-16865, CVE-2018-21029, CVE-2019-3843, CVE-2019-3844, CVE-2019-6454, CVE-2020-1712, CVE-2021-33910, CVE-2022-3821, CVE-2025-4598) + - util-linux (CVE-2022-0563, CVE-2024-28085) + - zlib (CVE-2026-22184) These packages are included in the RedHat UBI base images but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required. From 134a259a2a8ecd8c900eda8e06bc521267fa2659 Mon Sep 17 00:00:00 2001 From: Vitaly Date: Wed, 25 Feb 2026 20:39:50 -0800 Subject: [PATCH 2/2] Remove security vulnerabilities from the known issues and remove openscap notice now that it's fixed --- README.md | 57 ++----------------------------------------------------- 1 file changed, 2 insertions(+), 55 deletions(-) 
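Review bot: in PATCH 1/2, the retained closing sentence ("they are not used by MarkLogic Server itself, hence there is no impact or mitigation required") is hard to reconcile with the expanded list, which now includes glibc, glibc-common, glibc-minimal-langpack, zlib, libxml2 and openssl-fips-provider; glibc in particular is the C library every dynamically linked binary on a UBI image loads, so a reader cannot take "not used" at face value. Suggest stating the basis for the no-impact claim (for example, that MarkLogic Server ships its own copies of these libraries, or that the vulnerable code paths are not reachable from the server process) or qualifying it per package instead of as a blanket statement. Also, because this hand-maintained list reflects whatever the scanner reported on the day, record the image tag or digest and the scan date next to "The latest released version of RedHat UBI and UBI9 images", otherwise the entry can be neither reproduced nor aged out.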
diff --git a/README.md b/README.md index 46aeb030..b1463183 100644 --- a/README.md +++ b/README.md 
@@ -1067,58 +1067,5 @@ Where is calculated as described in the [Configuring HugePages](https://github.c 2. Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: [https://docs.marklogic.com/REST/DELETE/admin/v1/host-config](https://docs.marklogic.com/REST/DELETE/admin/v1/host-config). 3. Rejoining a node to a cluster, that had previously left that cluster, may not succeed. 4. MarkLogic Server will default to the UTC timezone. -5. The latest released version of RedHat UBI and UBI9 images have known security vulnerabilities. - - boost-regex (CVE-2016-9840) - - cpio (CVE-2023-7207, CVE-2023-7216) - - curl (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) - - curl-minimal (CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27534, CVE-2023-27535, 
CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-11053, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) - - dbus (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2023-34969) - - gawk (CVE-2023-4156) - - glib2 (CVE-2019-13012, CVE-2020-35457, CVE-2021-27218, CVE-2021-27219, CVE-2023-29499, CVE-2023-32611, CVE-2023-32665, CVE-2024-34397, CVE-2024-52533, CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2025-4056, CVE-2025-4373) - - glibc (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, CVE-2026-0861, CVE-2026-0915) - - glibc-common (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, CVE-2026-0861, CVE-2026-0915) - - glibc-minimal-langpack (CVE-2016-10228, CVE-2016-10739, CVE-2019-25013, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-38604, CVE-2021-3998, CVE-2021-3999, CVE-2021-43396, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4911, CVE-2023-5156, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2025-4802, 
CVE-2026-0861, CVE-2026-0915) - - gnupg2 (CVE-2022-3219, CVE-2022-34903, CVE-2025-68972, CVE-2025-68973) - - gnupg2-smime (CVE-2022-3219, CVE-2022-34903, CVE-2025-68972, CVE-2025-68973) - - gnutls (CVE-2021-4209, CVE-2022-2509, CVE-2024-0553, CVE-2025-32988, CVE-2025-32990) - - libblkid (CVE-2022-0563, CVE-2024-28085) - - libcap (CVE-2023-2603) - - libcroco (CVE-2017-7960, CVE-2017-7961, CVE-2017-8834, CVE-2017-8871) - - libcurl (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) - - libcurl-minimal (CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-43552, CVE-2023-23916, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-11053, CVE-2024-2398, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0725, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224) - - libdb-utils (CVE-2015-2583, 
CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4774, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4779, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4788, CVE-2015-4789, CVE-2015-4790, CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, CVE-2016-3418, CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2020-2981) - - libfdisk (CVE-2022-0563, CVE-2024-28085) - - libgcrypt (CVE-2024-2236) - - libgomp (CVE-2021-37322, CVE-2023-4039) - - libksba (CVE-2022-3515, CVE-2022-47629) - - libmount (CVE-2022-0563, CVE-2024-28085) - - libsmartcols (CVE-2022-0563, CVE-2024-28085) - - libssh (CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918, CVE-2025-5318, CVE-2025-5372, CVE-2025-8114) - - libtasn1 (CVE-2018-1000654, CVE-2021-46848) - - libtirpc (CVE-2021-46828) - - libuuid (CVE-2022-0563, CVE-2024-28085) - - libxml2 (CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-45322, CVE-2024-25062, CVE-2024-34459, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-6021, CVE-2025-9714) - - libzstd (CVE-2021-24032) - - ncurses-base (CVE-2019-17594, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537) - - openldap (CVE-2015-3276, CVE-2020-15719) - - openssl-fips-provider (CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-15467, CVE-2025-68160, 
CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) - - openssl-fips-provider-so (CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727, CVE-2024-6119, CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) - - pam (CVE-2022-28321, CVE-2024-10041, CVE-2024-22365, CVE-2025-6020, CVE-2025-8941) - - pcre2 (CVE-2022-41409) - - pcre2-syntax (CVE-2022-41409) - - postfix (CVE-2023-51764) - - rpm (CVE-2021-3421, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939) - - rpm-libs (CVE-2021-3421, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939) - - sudo (CVE-2022-43995, CVE-2023-22809, CVE-2023-42465, CVE-2025-32462) - - systemd (CVE-2018-15686, CVE-2018-15687, CVE-2018-16865, CVE-2018-21029, CVE-2019-3843, CVE-2019-3844, CVE-2019-6454, CVE-2020-1712, CVE-2021-33910, CVE-2022-3821, CVE-2025-4598) - - util-linux (CVE-2022-0563, CVE-2024-28085) - - zlib (CVE-2026-22184) - -These packages are included in the RedHat UBI base images but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required. - -6. As part of the hardening process, the following packages are removed from the image: `vim-minimal`, `cups-client`, `cups-libs`, `tar`, `python3-pip-wheel`, `platform-python`, `python3-libs`, `platform-python-setuptools`, `avahi-libs`, `binutils`, `expat`, `libarchive`, `python3`, `python3-libs`, `python-unversioned-command`. These packages are not required for the operation of MarkLogic Server and are removed to reduce the attack surface of the image. 
If you require any of these packages, you can install them in your own Dockerfile. - -7. The scoring of the hardening process is 96.67% that because `authselect is not used but files from the 'pam' package have been altered, so the authselect configuration won't be forced.` - -It is a medium severity and not applicable in container environment there is not authentication required when login into a container. -8. The cryptographic modules of RHEL 9 are not yet certified for the FIPS 140-3 requirements. +5. As part of the hardening process, the following packages are removed from the image: `vim-minimal`, `cups-client`, `cups-libs`, `tar`, `python3-pip-wheel`, `platform-python`, `python3-libs`, `platform-python-setuptools`, `avahi-libs`, `binutils`, `expat`, `libarchive`, `python3`, `python3-libs`, `python-unversioned-command`. These packages are not required for the operation of MarkLogic Server and are removed to reduce the attack surface of the image. If you require any of these packages, you can install them in your own Dockerfile. +6. The cryptographic modules of RHEL 9 are not yet certified for the FIPS 140-3 requirements.
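Review bot: in PATCH 2/2, the commit message explains dropping the openscap notice (old item 7) "now that it's fixed" but gives no reason for deleting old item 5, the whole UBI/UBI9 CVE list that PATCH 1/2 had just refreshed; if the base image was updated so those CVEs no longer apply, say so in the message, and consider leaving a one-line pointer in the known issues telling readers where current scan results for the image are published, since the README otherwise goes silent on base-image CVEs. Two smaller points in the retained text: the new item 5 lists `python3-libs` twice in the removed-package list (after `platform-python` and again after `python3`), so drop one; and renumbering items 6 and 8 to 5 and 6 will break any cross-reference elsewhere in README.md to known-issue numbers, so check for those before merging.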