Guys there seem to be a critical vuln in the ECS deployment osquery #fleet

Guys there seem to be a critical vuln in the ECS d...

Ojas

08/23/2022, 4:24 AM

Guys there seem to be a critical vuln in the ECS deployment of fleet: The package

zlib

version

1.2.12-r1

was detected in

APK package manager

on a container image running

Alpine 3.16.0

is vulnerable to

CVE-2022-37434

, which exists in versions

\u003c 1.2.12-r2

.\n\nThe vulnerability was found in the [Official Alpine Security Advisories](https://security.alpinelinux.org/vuln/CVE-2022-37434) with vendor severity:

Critical

([NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) severity:

Critical

).\n\nThis vulnerability has a known exploit available. Source: Github [[1](https://github.com/ivd38/zlib_overflow), [2](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063), [3](https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764)].\n\nThe vulnerability can be remediated by updating the package to version

1.2.12-r2

or higher,

Ojas

08/23/2022, 5:10 AM

can we upgrade it without shutting down?

Ojas

08/23/2022, 5:20 AM

Status reason CannotStartContainerError: ResourceInitializationError: failed to create new container runtime task: failed to create shim: OCI runtime create failed: container_linux.go380 starting container process caused: exec: “apk update”: executable file not found Command [“apk update”] tried using the new task to run command bit says not found

zwass

08/23/2022, 3:32 PM

Luckily Fleet doesn't use

zlib

. The next version of Fleet (should be published today) will use the new

alpine

base image that should have the fix though. If you need it right now, or with a different Fleet version, you would need to build yourself from the Dockerfile.

Ojas

08/23/2022, 3:47 PM

if new version is coming then i guess i can hold for that. thanks 🙂

4 Views

Open in Slack

Previous Next