[ https://issues.apache.org/jira/browse/TIKA-3906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625641#comment-17625641 ]
Felix Sperling commented on TIKA-3906:
--------------------------------------

[~tallison] Thank you so much. That was superfast :D

Looks good:
{code:java}
$ docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS         PORTS      NAMES
10f66f029aef   apache/tika:2.5.0.1   "/bin/sh -c 'exec ja…"   6 seconds ago   Up 5 seconds   9998/tcp   serene_rosalind
$ docker exec -ti 10f66f029aef /bin/bash
root@10f66f029aef:/# dpkg -l | grep -E "perl|zlib"
ii  perl-base      5.34.0-3ubuntu1.1          amd64   minimal Perl system
ii  zlib1g:amd64   1:1.2.11.dfsg-2ubuntu9.2   amd64   compression library - runtime
{code}

> Build a new version of the Tika docker image to fix CVEs
> --------------------------------------------------------
>
>                 Key: TIKA-3906
>                 URL: https://issues.apache.org/jira/browse/TIKA-3906
>             Project: Tika
>          Issue Type: Bug
>          Components: docker
>    Affects Versions: 2.5.0
>            Reporter: Felix Sperling
>            Priority: Major
>
> Please rebuild and release a new version of the 2.5.0 docker image.
> The current one contains CVEs which have fixes already in the jammy repos.
> h2. zlib
> *_Note:_* _Versions mentioned in the description apply to the upstream
> {{zlib}} package._ _See {{How to fix?}} for {{Ubuntu:22.04}} relevant
> versions._
> zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in
> inflate in inflate.c via a large gzip header extra field. NOTE: only
> applications that call inflateGetHeader are affected. Some common
> applications bundle the affected zlib source code but may be unable to call
> inflateGetHeader (e.g., see the nodejs/node reference).
> h2. Remediation
> Upgrade {{Ubuntu:22.04}} {{zlib}} to version 1:1.2.11.dfsg-2ubuntu9.2 or
> higher.
>
> h2. perl
> *_Note:_* _Versions mentioned in the description apply to the upstream
> {{perl}} package._ _See {{How to fix?}} for {{Ubuntu:22.04}} relevant
> versions._
> CPAN 2.28 allows Signature Verification Bypass.
> h2. Remediation
> Upgrade {{Ubuntu:22.04}} {{perl}} to version 5.34.0-3ubuntu1.1 or higher.

-- This message was sent by Atlassian Jira (v8.20.10#820010)
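
The manual `dpkg -l` check in the comment above can be automated for any rebuilt image. The following is an added example, not part of the Jira thread or the Tika project: it parses `dpkg -l` lines and compares versions using Debian's ordering rules (epoch, upstream, revision) against the minimums quoted in the issue. The names `MIN_FIXED`, `deb_compare` and `audit` are hypothetical, applying the minimums to the binary packages `perl-base` and `zlib1g` is an assumption, and the `STALE` sample is constructed.

```python
import re
from itertools import zip_longest

# Minimum fixed versions quoted in the issue. Applying them to the binary
# packages perl-base and zlib1g (the ones the comment checks) is an assumption.
MIN_FIXED = {"perl-base": "5.34.0-3ubuntu1.1", "zlib1g": "1:1.2.11.dfsg-2ubuntu9.2"}

def _order(c):
    # dpkg ordering: '~' sorts before everything, letters before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternating (non-digit run, number) tokens; the trailing 0 marks end of run
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"([^0-9]*)([0-9]*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 using Debian version ordering."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_l_output, minimums=MIN_FIXED):
    """Map each tracked package to (installed version, meets minimum?)."""
    result = {}
    for fields in map(str.split, dpkg_l_output.splitlines()):
        if len(fields) >= 3 and fields[0] == "ii":
            name = fields[1].split(":")[0]  # drop the ":amd64" qualifier
            if name in minimums:
                result[name] = (fields[2], deb_compare(fields[2], minimums[name]) >= 0)
    return result

# dpkg -l lines as posted in the comment above
REBUILT = ("ii perl-base 5.34.0-3ubuntu1.1 amd64 minimal Perl system\n"
           "ii zlib1g:amd64 1:1.2.11.dfsg-2ubuntu9.2 amd64 compression library - runtime")
# Constructed sample: an image built before the fixed packages were installed
STALE = ("ii perl-base 5.34.0-3ubuntu1 amd64 minimal Perl system\n"
         "ii zlib1g:amd64 1:1.2.11.dfsg-2ubuntu9 amd64 compression library - runtime")
```

Calling `audit()` on the output of `docker exec <container> dpkg -l` returns a per-package pass/fail map; a plain string comparison would get the epoch (`1:`) and the `ubuntu9` versus `ubuntu9.2` suffix wrong.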