Hi Team, we have found some security vulnerabilities in dremio 25.1.0. Can you please provide fix plan for the same
libidn2-0_2.3.2-2build1_amd64.deb
libpcre2-8-0_10.39-3ubuntu0.1_amd64.deb
zlib1g_1.2.11.dfsg-2ubuntu9.2_amd64.deb
dpkg_1.21.1ubuntu2.2_amd64.deb
regards
Abhilash
Hello, the packages you mentioned are about OS not for Dremio, you can only update your OS, is not Dremio related
Hi dcaopan,
we understand that they are system packages, but since we are pulling the dremio image along with OS component, it still affects us. Below are the vulnerabilities from the OS
util-linux_2.37.2-4ubuntu3_amd64.deb
libpam-modules_1.4.0-11ubuntu2.3_amd64.deb
libmount1_2.37.2-4ubuntu3_amd64.deb
libpcre2-8-0_10.39-3ubuntu0.1_amd64.deb
mount_2.37.2-4ubuntu3_amd64.deb
libuuid1_2.37.2-4ubuntu3_amd64.deb
libpam-modules-bin_1.4.0-11ubuntu2.3_amd64.deb
libblkid1_2.37.2-4ubuntu3_amd64.deb
bsdutils_2.37.2-4ubuntu3_amd64.deb
libpcre2-8-0_10.39-3ubuntu0.1_amd64.deb
zlib1g_1.2.11.dfsg-2ubuntu9.2_amd64.deb
bash_5.1-6ubuntu1_amd64.deb
libidn2-0_2.3.2-2build1_amd64.deb
libpng16-16_1.6.37-3build5_amd64.deb
zlib1g_1.2.11.dfsg-2ubuntu9.2_amd64.deb
libsmartcols1_2.37.2-4ubuntu3_amd64.deb
libmount1_2.37.2-4ubuntu3_amd64.deb
libuuid1_2.37.2-4ubuntu3_amd64.deb
libpcre3_8.39-13ubuntu0.22.04.1_amd64.deb
bash_5.1-6ubuntu1_amd64.deb
libblkid1_2.37.2-4ubuntu3_amd64.deb
bsdutils_2.37.2-4ubuntu3_amd64.deb
libsmartcols1_2.37.2-4ubuntu3_amd64.deb
util-linux_2.37.2-4ubuntu3_amd64.deb
libpam0g_1.4.0-11ubuntu2.3_amd64.deb
mount_2.37.2-4ubuntu3_amd64.deb
curl_7.81.0-1ubuntu1.15_amd64.deb
curl_7.81.0-1ubuntu1.15_amd64.deb
Is there any plan to upgrade the ubuntu image used ?
regards
Abhilash
if you are using image containers to run Dremio using Docker o Podman you can create a custom Dockerfile that extends from dremio and update any packages that you want