need to fix 4 high vulnerability assessments about needing to update zlib 1.2.8
Robie Basak
robie.basak at ubuntu.com
Tue Oct 10 21:22:54 UTC 2017
Hi Thomas,
On Tue, Oct 10, 2017 at 04:54:40PM -0400, Thomas Gertin wrote:
> I am getting 4 high vulnerability assessments from my Common
> Vulnerabilities and Exposures-1.1 rules package. They all recommend
> updating my zlib package. I have updated my zlib package and it is
> up-to-date with version 1.2.8. However, it still produces the same
> vulnerability assessments, and I think I may need to update it
> further. I have Ubuntu 14.04.5 LTS. Can anybody help on how to do
> this?
First step: you should have a list of CVE identifiers for the
vulnerabilities that your tooling believes exist. Look these up in
Ubuntu's CVE database to see what the security team believes is the
current state of those.
You can find the CVE database at
https://people.canonical.com/~ubuntu-security/cve/
Then, if you still have concerns, please post the specific CVEs that
bother you and explain these concerns in the context of what our CVE
database says our position is about them.
If you are having difficulty in actually updating your system's
packages, then this list is probably the wrong place for a discussion
about that unless you have reason to think that there's a bug or other
problem in Ubuntu in general, as opposed to just your system.
Hope that helps,
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20171010/8c483843/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list