Planning Analytics

  • 1.  PAW Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068

    Posted Wed August 21, 2024 05:24 AM

    Hello, 

    Does anybody know IBM recommendations or any other solutions regarding Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068?

    I have checked Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components, but those vulnerabilities do not exist here. (https://www.ibm.com/support/pages/security-bulletin-ibm-planning-analytics-local-planning-analytics-workspace-affected-vulnerabilities-multiple-open-source-software-oss-components)

    The IT team is blocking the PAW installation because of it.

    Thanks a lot!



    ------------------------------
    Ilya Gorbunov
    ------------------------------


  • 2.  RE: PAW Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068

    Posted Thu August 22, 2024 01:28 PM

    Greetings Ilya,

    I have seen something similar at other customers... the customer was running RHEL 7 with Docker and IT would not approve it, and the resolution was to move to RHEL 8 with Podman (this is supported by IBM). Migration was straightforward.

    Podman is considered more secure than Docker primarily because it doesn't require a central daemon running as root, which Docker does.



    ------------------------------
    Mike Bender
    ------------------------------



  • 3.  RE: PAW Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068

    Posted Sun August 25, 2024 11:31 PM

    Hi! For Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068, IBM recommends updating to the latest versions of affected components to mitigate risks. Since these vulnerabilities don't appear to be directly linked to your IBM Planning Analytics Workspace (PAW) setup, ensure that all your Docker containers and OpenSSL libraries are up to date. Check with your IT team to confirm that the vulnerabilities are properly addressed in your environment. For more detailed guidance, consult IBM's security advisories or reach out to IBM support. 🙂



    ------------------------------
    Ashton Davis
    ------------------------------



  • 4.  RE: PAW Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068

    Posted Mon August 26, 2024 11:01 PM

    Thanks a lot! I created an IBM Support case as well.



    ------------------------------
    Ilya Gorbunov
    ------------------------------



  • 5.  RE: PAW Docker OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068

    Posted Mon August 26, 2024 11:12 PM

    Hi, Mike!

    Thanks for responding!

     
    IMHO RHEL is the best option for PAW, but the client is using a Windows system environment. We will try to fix it in Docker and hope that it doesn't affect PAW code, as it did with another OpenSSL vulnerability, CVE-2022-3602, which was confirmed as a Security Bulletin with High severity (https://www.ibm.com/support/pages/bulletin/search?q=CVE-2022-3602) with a code fix.



    ------------------------------
    Ilya Gorbunov
    ------------------------------