#827: Update packages and ignore kernel CVEs (#373)

* Ignore CVE-2023-3611 and CVE-2023-3776, because they are kernel issues
* Update cryptography to fix CVE-2023-38325
* Update poetry.lock
* Ignore CVE-2023-3609, because it affects the kernel
* Update cryptography to 41.0.2 in the conda flavors
* Ignore CVE-2023-38325, because cryptography 41.0.3 is not yet available on conda

Co-authored-by: Christoph Pirkl <[email protected]>

flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/security_scan/.trivyignore

@@ -12,6 +12,9 @@ CVE-2022-43945
 CVE-2023-3090
 CVE-2023-3389
 CVE-2023-3390 
+CVE-2023-3611
+CVE-2023-3776
+CVE-2023-3609
 #CVE-2022-23648 is a bug in containerd, not issue for containers
 CVE-2022-23648
 #issue in cgroups, but no threat for ScriptLanguageContainer

flavors/template-Exasol-all-python-3.8-conda/flavor_base/language_deps/packages/conda_packages

@@ -5,6 +5,6 @@ pyarrow|12.0.0
 libblas|3.9.0=15_linux64_mkl
 mamba|1.3.1
 ld_impl_linux-64|2.36.1
-cryptography|39.0.2
+cryptography|41.0.2
 libxml2|2.10.3=hca2bb57_4 # Pinned for OpenJDK in build_deps
 icu|70.1=h27087fc_0 # Pinned for OpenJDK in build_deps

flavors/template-Exasol-all-python-3.8-conda/flavor_base/security_scan/.trivyignore

@@ -1,13 +1,16 @@
 #bug in trivy, no idea when a new debian package will be released (https://github.com/aquasecurity/trivy/issues/1680)
 CVE-2021-43816
-#CVE-2022-0847, CVE-2022-0001, CVE-2022-0002, CVE-2022-1015 affect kernel, no issue for container
+#The following CVEs affect kernel, no issue for container
 CVE-2022-0847
 CVE-2022-0001
 CVE-2022-0002
 CVE-2022-1015
 CVE-2022-23960
 CVE-2022-25636
 CVE-2022-43945
+CVE-2023-3611
+CVE-2023-3776
+CVE-2023-3609
 #CVE-2022-23648 is a bug in containerd, not issue for containers
 CVE-2022-23648
 #issue in cgroups, but no threat for ScriptLanguageContainer
@@ -16,3 +19,5 @@ CVE-2022-0492
 CVE-2022-27191
 # CVE-2022-23960 affects only ARM architectures
 CVE-2022-23960
+# We ignore CVE-2023-38325, because cryptography 41.0.3 is currently not available on conda, https://github.com/conda-forge/cryptography-feedstock/issues/122
+CVE-2023-38325

flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/language_deps/packages/conda_packages

@@ -5,6 +5,6 @@ pyarrow|12.0.0=py38h4559c88_4_cuda
 libblas|3.9.0=15_linux64_mkl
 mamba|1.3.1
 ld_impl_linux-64|2.36.1
-cryptography|39.0.2
+cryptography|41.0.2
 libxml2|2.10.3=hca2bb57_4 # Pinned for OpenJDK in build_deps
 icu|70.1=h27087fc_0 # Pinned for OpenJDK in build_deps

flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/security_scan/.trivyignore

@@ -1,13 +1,16 @@
 #bug in trivy, no idea when a new debian package will be released (https://github.com/aquasecurity/trivy/issues/1680)
 CVE-2021-43816
-#CVE-2022-0847, CVE-2022-0001, CVE-2022-0002, CVE-2022-1015 affect kernel, no issue for container
+#The following CVEs affect kernel, no issue for container
 CVE-2022-0847
 CVE-2022-0001
 CVE-2022-0002
 CVE-2022-1015
 CVE-2022-23960
 CVE-2022-25636
 CVE-2022-43945
+CVE-2023-3611
+CVE-2023-3776
+CVE-2023-3609
 #CVE-2022-23648 is a bug in containerd, not issue for containers
 CVE-2022-23648
 #issue in cgroups, but no threat for ScriptLanguageContainer
@@ -16,3 +19,5 @@ CVE-2022-0492
 CVE-2022-27191
 # CVE-2022-23960 affects only ARM architectures
 CVE-2022-23960
+# We ignore CVE-2023-38325, because cryptography 41.0.3 is currently not available on conda, https://github.com/conda-forge/cryptography-feedstock/issues/122
+CVE-2023-38325