Security fixes

This topic lists the security fixes in Tanzu Application Platform v1.12 releases.

In this topic:

v1.12.1 Security fixes
v1.12.0 Security fixes
About Linux Kernel CVEs

v1.12.1 Security fixes

This release has the following security fixes, listed by component and area.

Package Name	Vulnerabilities Resolved
api-portal.tanzu.vmware.com	Expand to see the list GHSA-hmqf-wpq9-jq83 CVE-2024-24791 CVE-2022-41881
buildservice.tanzu.vmware.com	Expand to see the list GHSA-m5vv-6r4h-3vj9 GHSA-c5q2-7r4c-mv6g GHSA-95pr-fxf5-86gv GHSA-88jx-383q-w4qc
external-secrets.apps.tanzu.vmware.com	Expand to see the list GHSA-xr7q-jx4m-x55m
ootb-templates.tanzu.vmware.com	Expand to see the list GHSA-xr7q-jx4m-x55m

v1.12.0 Security fixes

This release has the following security fixes, listed by package.

Package Name	Vulnerabilities Resolved
cert-manager.tanzu.vmware.com	Expand to see the list GHSA-xr7q-jx4m-x55m CVE-2024-24790
cnrs.tanzu.vmware.com	Expand to see the list GHSA-qmvj-4qr9-v547 CVE-2024-5535 CVE-2024-4741 CVE-2024-4603 CVE-2024-2511
fluxcd-source-controller.tanzu.vmware.com	Expand to see the list GHSA-6wrf-mxfj-pf5p GHSA-33pg-m6jh-5237 GHSA-232p-vwff-86mp
ootb-templates.tanzu.vmware.com	Expand to see the list GHSA-xfhp-jf8p-mh5w GHSA-r53h-jv2g-vpx6 CVE-2024-6257 CVE-2024-3817 CVE-2024-24579
sonarqube.component.apps.tanzu.vmware.com	Expand to see the list ALAS-2024-2607 ALAS-2024-2604 ALAS-2024-2600
sso.apps.tanzu.vmware.com	Expand to see the list GHSA-hmqf-wpq9-jq83 CVE-2022-0543
tap-gui.tanzu.vmware.com	Expand to see the list GHSA-j8xg-fqg3-53r7 GHSA-2fc9-xpp8-2g9h CVE-2024-44942 CVE-2024-44941 CVE-2024-44940 CVE-2024-44939 CVE-2024-44938 CVE-2024-44935 CVE-2024-44934 CVE-2024-44931 CVE-2024-43914 CVE-2024-43913 CVE-2024-43912 CVE-2024-43911 CVE-2024-43910 CVE-2024-43909 CVE-2024-43908 CVE-2024-43907 CVE-2024-43906 CVE-2024-43905 CVE-2024-43904 CVE-2024-43903 CVE-2024-43902 CVE-2024-43901 CVE-2024-43900 CVE-2024-43899 CVE-2024-43898 CVE-2024-43897 CVE-2024-43895 CVE-2024-43894 CVE-2024-43893 CVE-2024-43892 CVE-2024-43890 CVE-2024-43889 CVE-2024-43886 CVE-2024-43885 CVE-2024-43884 CVE-2024-43877 CVE-2024-43876 CVE-2024-43868 CVE-2024-43859 CVE-2024-43855 CVE-2024-43851 CVE-2024-43850 CVE-2024-43840 CVE-2024-43837 CVE-2024-43833 CVE-2024-43818 CVE-2024-42317 CVE-2024-42316 CVE-2024-42314 CVE-2024-42307 CVE-2024-42279 CVE-2024-42268 CVE-2024-42265 CVE-2024-42258 CVE-2024-42250 CVE-2024-42245 CVE-2024-42241 CVE-2024-42238 CVE-2024-42237 CVE-2024-42162 CVE-2024-41096 CVE-2024-41056 CVE-2024-41051 CVE-2024-41039 CVE-2024-41038 CVE-2024-41028 CVE-2024-39479 CVE-2024-39478 CVE-2024-38622 CVE-2024-38620 CVE-2024-36881 CVE-2024-35974 CVE-2024-35964 CVE-2024-35963 CVE-2024-35961 CVE-2024-35860 CVE-2024-27079 CVE-2024-27042 CVE-2024-26930 CVE-2024-26914 CVE-2024-26913 CVE-2024-26902 CVE-2024-26841 CVE-2024-26836 CVE-2024-26799 CVE-2024-26783 CVE-2024-26768 CVE-2024-26670 CVE-2024-26618 CVE-2024-26596 CVE-2024-26458 CVE-2024-24864 CVE-2024-24855 CVE-2024-22365 CVE-2024-0232 CVE-2023-7104 CVE-2023-6039 CVE-2023-52827 CVE-2023-52797 CVE-2023-52771 CVE-2023-52770 CVE-2023-52658 CVE-2023-52425 CVE-2023-4641 CVE-2023-45853 CVE-2023-37454 CVE-2023-31484 CVE-2023-31083 CVE-2023-23005 CVE-2023-21264 CVE-2023-0597 CVE-2021-3847 CVE-2020-36694 CVE-2019-19449 CVE-2019-16089 CVE-2018-12928

About Linux Kernel CVEs

Kernel level vulnerabilities are regularly identified and patched by Canonical. Tanzu Application Platform releases with available images, which might contain known vulnerabilities. When Canonical makes patched images available, Tanzu Application Platform incorporates these fixed images into future releases.

The kernel runs on your container host VM, not the Tanzu Application Platform container image. Even with a patched Tanzu Application Platform image, the vulnerability is not mitigated until you deploy your containers on a host with a patched OS. An unpatched host OS might be exploitable if the base image is deployed.