Release Notes: CUCM Connector Frontend Security Patch
| Release component | Docker Image |
|---|---|
| Change type | Security Patch |
| Date | |
| Severity | Critical |
Overview
A security audit of the CUCM Connector Frontend Docker image was performed with the Grype vulnerability scanner. The audit identified 155 vulnerabilities, including 6 Critical and 30 High severity findings, in the base image nginx:1.25-alpine, all attributable to outdated Alpine Linux system packages.
This release resolves the majority of identified vulnerabilities by upgrading the base image and applying all available package-level security patches.
Changes Made
| # | Change | Details |
|---|---|---|
| 1 | Base image upgraded | |
| 2 | System packages patched | Added |
Vulnerabilities Resolved
The following packages have been fully patched. All associated CVEs are resolved in this release.
OpenSSL (libcrypto3 / libssl3)
Previously installed: 3.1.4-r6
| CVE | Severity | Description |
|---|---|---|
| CVE-2024-5535 | Critical | SSL_select_next_proto buffer overread |
| CVE-2024-6119 | High | Denial of service in certificate name checking |
| CVE-2024-4741 | High | Use-after-free with SSL_free_buffers |
| CVE-2024-9143 | Medium | Out-of-bounds memory access in EC operations |
| CVE-2024-4603 | Medium | Excessive time in DSA key and parameter validation |
| CVE-2024-13176 | Medium | Timing side-channel in ECDSA signature computation |
| CVE-2025-9230 | High | Unspecified OpenSSL vulnerability |
| CVE-2025-9232 | Medium | Unspecified OpenSSL vulnerability |
curl / libcurl
Previously installed: 8.5.0-r0
| CVE | Severity | Description |
|---|---|---|
| CVE-2025-0665 | High | Double-free in CURLOPT_COOKIELIST processing |
| CVE-2025-0725 | High | Integer overflow in content decoding |
| CVE-2025-5399 | High | Unspecified curl vulnerability |
| CVE-2024-2398 | High | HTTP/2 push headers memory leak |
| CVE-2024-6197 | High | ASN.1 freeing of certificate data |
| CVE-2024-4741 | High | Use-after-free in OpenSSL via curl |
| CVE-2024-9681 | Medium | HSTS subdomain bypass via IDNA |
| CVE-2024-6874 | Medium | Heap buffer over-read in curl URL parsing |
| CVE-2024-7264 | Medium | ASN.1 date parsing out-of-bounds read |
| CVE-2024-8096 | Medium | OCSP stapling bypass |
| CVE-2024-0853 | Medium | OCSP verification bypass |
| CVE-2024-2379 | Medium | QUIC certificate check bypass |
| CVE-2024-2466 | Medium | TLS certificate verification issue |
| CVE-2024-2004 | Low | Usage of disabled protocol |
| CVE-2024-11053 | Low | Credentials leak in netrc parsing |
| CVE-2025-0167 | Low | Credentials leak in netrc parsing |
| CVE-2025-9086 | High | Unspecified curl vulnerability |
libexpat
Previously installed: 2.6.2-r0
| CVE | Severity | Description |
|---|---|---|
| CVE-2024-45492 | Critical | Integer overflow in function nextScaffoldPart |
| CVE-2024-45491 | Critical | Integer overflow in dtdCopy |
| CVE-2024-45490 | High | Negative length parsing in XML_ParseBuffer |
| CVE-2024-8176 | High | Stack overflow via deeply nested XML |
| CVE-2024-50602 | Medium | XML_ParseBuffer crash on absent XML version |
| CVE-2025-59375 | High | Unspecified libexpat vulnerability |
libxml2
Previously installed: 2.11.7-r0
| CVE | Severity | Description |
|---|---|---|
| CVE-2024-34459 | High | Buffer over-read in xmlHTMLPrintFileContext |
| CVE-2024-56171 | Critical | Use-after-free in xmlSchemaIDCFillNodeTables |
| CVE-2025-24928 | High | Stack overflow in xmlSnprintfElements |
| CVE-2025-27113 | High | NULL pointer dereference in xmlPatMatch |
| CVE-2025-32414 | High | Out-of-bounds read in Python bindings |
| CVE-2025-32415 | High | Heap buffer overflow in xmlSchemaParseAttrDecls |
busybox / busybox-binsh / ssl_client
Previously installed: 1.36.1-r15
| CVE | Severity | Description |
|---|---|---|
| CVE-2023-42363 | Medium | Use-after-free in awk |
| CVE-2023-42364 | Medium | Use-after-free in awk |
| CVE-2023-42365 | Medium | Use-after-free in awk |
| CVE-2023-42366 | Medium | Heap buffer overflow in awk |
| CVE-2025-46394 | Low | Unspecified busybox vulnerability |
| CVE-2024-58251 | Low | Unspecified busybox vulnerability |
musl / musl-utils
Previously installed: 1.2.4_git20230717-r4
| CVE | Severity | Description |
|---|---|---|
| CVE-2025-26519 | High | Integer overflow in musl libc |
| CVE-2026-40200 | High | Unspecified musl vulnerability |
| CVE-2026-6042 | Medium | Unspecified musl vulnerability |
libxslt
Previously installed: 1.1.39-r0
| CVE | Severity | Description |
|---|---|---|
| CVE-2024-55549 | High | Use-after-free in xsltGetInheritedNsList |
| CVE-2025-24855 | High | Use-after-free in xsltApplyTemplates |
xz-libs
Previously installed: 5.4.5-r0
| CVE | Severity | Description |
|---|---|---|
| CVE-2025-31115 | High | Heap use-after-free in multithreaded decoder |
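A post-patch check that confirms none of the packages listed above is still at (or below) its "Previously installed" version, written as an added example for these notes rather than code from the project: it takes `apk info -v` output from the rebuilt image, and it assumes `sort -V` orders Alpine version strings the same way apk does for these values. It proves the packages moved past the flagged versions; re-running Grype remains the authoritative confirmation that each CVE is closed.

```shell
#!/bin/sh
# Added post-patch check (not part of the release or the project): compares an
# `apk info -v` listing from the rebuilt image with the "Previously installed" versions
# in these release notes; `sort -V` approximates apk version order (an assumption).

# Package / previously installed version pairs copied from the release notes above.
VULNERABLE_VERSIONS='
libcrypto3 3.1.4-r6
libssl3 3.1.4-r6
curl 8.5.0-r0
libcurl 8.5.0-r0
libexpat 2.6.2-r0
libxml2 2.11.7-r0
busybox 1.36.1-r15
busybox-binsh 1.36.1-r15
ssl_client 1.36.1-r15
musl 1.2.4_git20230717-r4
musl-utils 1.2.4_git20230717-r4
libxslt 1.1.39-r0
xz-libs 5.4.5-r0
'
# Version of package $1 in listing $2 (lines like "libssl3-3.1.4-r6"); the version
# starts at the first "-" followed by a digit, so "busybox" does not match busybox-binsh.
installed_version() {
    printf '%s\n' "$2" | sed -n "s/^$1-\([0-9].*\)$/\1/p" | head -n 1
}

# Prints "VULNERABLE <pkg> <installed>" for each listed package still at or below its
# previously installed version (absent packages are skipped); returns 1 if any is found.
check_apk_listing() {
    listing=$1
    report=$(printf '%s\n' "$VULNERABLE_VERSIONS" | while read -r pkg vuln; do
        [ -n "$pkg" ] || continue
        installed=$(installed_version "$pkg" "$listing")
        [ -n "$installed" ] || continue
        newest=$(printf '%s\n%s\n' "$vuln" "$installed" | sort -V | tail -n 1)
        [ "$newest" != "$vuln" ] || echo "VULNERABLE $pkg $installed"
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
# Constructed sample listing (not real image output): libexpat was left unpatched.
SAMPLE_LISTING='libssl3-3.3.2-r0
libcurl-8.11.0-r0
libexpat-2.6.2-r0
busybox-binsh-1.37.0-r0
musl-1.2.5-r0'
check_apk_listing "$SAMPLE_LISTING" || echo "rebuilt image still carries flagged versions"
```

Against a real image, feed it `docker run --rm <image> apk info -v` output instead of the constructed sample.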