Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE vulnerability: update jupyterhub-ssh and kbatch-proxy images #1993

Closed
iameskild opened this issue Sep 11, 2023 · 2 comments · Fixed by #1997
Closed

CVE vulnerability: update jupyterhub-ssh and kbatch-proxy images #1993

iameskild opened this issue Sep 11, 2023 · 2 comments · Fixed by #1997
Assignees
@iameskild
Labels
area: dependencies 📦 All things dependencies area: security 🔐
Milestone
2023.10.1

Comments

@iameskild
Copy link
Member

A vulnerability with OpenSSH was recently discovered (CVE-2023-38408) and the resolution looks like it simply requires that we install a later version of openssh. This is currently affecting the jupyterhub-ssh and kbatch-proxy images.
@iameskild iameskild added this to the Release 2023.9.1 milestone Sep 11, 2023
@iameskild
Copy link
Member Author

iameskild commented Sep 11, 2023
edited
Loading

I have updated the jupyterhub-ssh image upstream (yuvipanda/jupyterhub-ssh#79) and I'm working on doing the same for kbatch-proxy.

@iameskild iameskild changed the title Update jupyterhub-ssh and kbatch-proxy images CVE vulnerability: update jupyterhub-ssh and kbatch-proxy images Sep 11, 2023
@iameskild
Copy link
Member Author

I have also opened an issue and volunteered to cut a new kbatch release: kbatch-dev/kbatch#54

@pavithraes pavithraes moved this from New 🚦 to TODO 📬 in 🪴 Nebari Project Management Sep 11, 2023
@pavithraes pavithraes moved this from TODO 📬 to In progress 🏗 in 🪴 Nebari Project Management Sep 11, 2023
@iameskild iameskild mentioned this issue Sep 11, 2023
Merged
10 tasks
@iameskild iameskild moved this from In progress 🏗 to In review/QA 👀 in 🪴 Nebari Project Management Sep 12, 2023
@github-project-automation github-project-automation bot moved this from In review/QA 👀 to Done 💪🏾 in 🪴 Nebari Project Management Sep 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iameskild iameskild

Labels
area: dependencies 📦 All things dependencies area: security 🔐
Projects
🪴 Nebari Project Management
Archived in project
Milestone
2023.10.1
Development

Successfully merging a pull request may close this issue.

Upgrade images for jupyterhub-ssh, kbatch nebari-dev/nebari
1 participant
@iameskild