CVE-2021-46848 CRITICAL- libtasn1-6 #6488
Unanswered
dlukasiewicz
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi community,
During scan with trivy i've found out that there is a critical one, which might be a blocker to use fluent-bit in PROD for some companies.
I've tried to build a new docker image with this package bumped but seems like offical repo for debian doesnt have new version.
CVE-2021-46848 CRITICAL- libtasn1-6
Current version is: 4.16.0-2
Vulnerabiltie appears even in the newest version of the fluent-bit and even in older version such as 1.9.9-2.06 these are the one i've checked
Did someone managed to fix that vulnerabilties? Or DEV's know when it will be fixed for new drop of fluent-bit? Maybe this package is not needed i am not sure
Thanks in advance for Your answers :)
I couldn't find any discussion on that topic, there is one issue which user declared to fix it with: apt-get update && \ apt-get upgrade but if repo doesnt have new version how did it fix it? I've tried to build new image with apt-get upgrade and still CRITICAL appears to be there.
Beta Was this translation helpful? Give feedback.
All reactions