Looking for open-vm-tools security update - CVE-2022-31676 for burmilla/os-openvmtools docker image #143
Comments
|
It is a bit hard imagine real world scenario where BurmillaOS would be affected by that CVE. You would need to have:
However, feel free to open pull request if you see this critical. It basically would need update this to later version https://github.com/burmilla/os-services/blob/master/o/open-vm-tools.yml#L2 , same version to be updated in here https://github.com/burmilla/os-services/blob/master/images/10-openvmtools/Dockerfile#L38 and potentially update some other libraries because of switch from 11.x to 12.x. |
|
Do I have permission to create branch and open PR. What is the process to get it in case required. |
|
Fix included on burmilla/os-services@90ba9e3 but it will go to next (1.9.6) BurmillaOS version so I need to check what else need to be updated. We are already behind of couple of Docker versions and looks that there will be new one quite soon after moby/moby#44593 and moby/moby#44597 merged. |
|
Thank you very much Olli Janatuinen. I appreciate your help so much. |
|
Included to just released v1.9.6 version: |
BurmillaOS Version: v1.9.2
Where are you running BurmillaOS? As Virtual appliance
Do you use some service(s) which are not enabled by default : open-vm-tools
Looking for open-vm-tools security update - CVE-2022-31676 for burmilla/os-openvmtools docker image . when the latest image will be available?
https://hub.docker.com/r/burmilla/os-openvmtools
The text was updated successfully, but these errors were encountered: