CVE-2021-46848 CRITICAL- libtasn1-6 #6488
Unanswered
dlukasiewicz
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi community,
During scan with trivy i've found out that there is a critical one, which might be a blocker to use fluent-bit in PROD for some companies.
I've tried to build a new docker image with this package bumped but seems like offical repo for debian doesnt have new version.
CVE-2021-46848 CRITICAL- libtasn1-6
Current version is: 4.16.0-2
Vulnerabiltie appears even in the newest version of the fluent-bit and even in older version such as 1.9.9-2.06 these are the one i've checked
Did someone managed to fix that vulnerabilties? Or DEV's know when it will be fixed for new drop of fluent-bit? Maybe this package is not needed i am not sure
Thanks in advance for Your answers :)
I couldn't find any discussion on that topic, there is one issue which user declared to fix it with: apt-get update && \ apt-get upgrade but if repo doesnt have new version how did it fix it? I've tried to build new image with apt-get upgrade and still CRITICAL appears to be there.
Beta Was this translation helpful? Give feedback.
All reactions