Closed laxmankk closed 1 year ago
It is a bit hard imagine real world scenario where BurmillaOS would be affected by that CVE.
You would need to have:
However, feel free to open pull request if you see this critical. It basically would need update this to later version https://github.com/burmilla/os-services/blob/master/o/open-vm-tools.yml#L2 , same version to be updated in here https://github.com/burmilla/os-services/blob/master/images/10-openvmtools/Dockerfile#L38 and potentially update some other libraries because of switch from 11.x to 12.x.
Do I have permission to create branch and open PR. What is the process to get it in case required.
Fix included on https://github.com/burmilla/os-services/commit/90ba9e37420c3e79fdf4ce5d837d171ffba9ce91 but it will go to next (1.9.6) BurmillaOS version so I need to check what else need to be updated.
We are already behind of couple of Docker versions and looks that there will be new one quite soon after https://github.com/moby/moby/pull/44593 and https://github.com/moby/moby/pull/44597 merged.
Thank you very much Olli Janatuinen. I appreciate your help so much.
BurmillaOS Version: v1.9.2
Where are you running BurmillaOS? As Virtual appliance
Do you use some service(s) which are not enabled by default : open-vm-tools
Looking for open-vm-tools security update - CVE-2022-31676 for burmilla/os-openvmtools docker image . when the latest image will be available? https://hub.docker.com/r/burmilla/os-openvmtools