Due to a new vulnerability reported in the National Vulnerability Database (CVE-2021-43527), Habana has released new Docker images for our 1.1.1 SynapseAI® Software stack to address this issue. The operating systems impacted are Amazon Linux 2, CentOS 8.3 and RHEL 8.3; these were updated to the latest packages that do not have the vulnerability. No changes were made to the Habana SynapseAI Software stack, or to Ubuntu 18.04 and Ubuntu 20.04. This vulnerability has also been addressed in the latest 1.2.0 SynapseAI Software release, and users are encouraged to move to this latest version. For users who wish to remain on the 1.1.1 SynapseAI Software stack, the new Docker images are available in the Habana Vault in these locations:
https://vault.habana.ai/ui/repos/tree/General/gaudi-docker/1.1.1/amzn2
https://vault.habana.ai/ui/repos/tree/General/gaudi-docker/1.1.1/centos8.3
https://vault.habana.ai/ui/repos/tree/General/gaudi-docker/1.1.1/rhel8.3
Each repository now contains the new Docker image, with the date “-202111222” appended to the end of the Docker image name. Users simply update their existing docker pull and docker run commands to use this new image, as in the example below:
Original: docker pull vault.habana.ai/gaudi-docker/1.1.1/amzn2/habanalabs/tensorflow-installer-tf-cpu-2.7.0:1.1.1-94
New: docker pull vault.habana.ai/gaudi-docker/1.1.1/amzn2/habanalabs/tensorflow-installer-tf-cpu-2.7.0:1.1.1-94-202111222 (or :latest)
Please refer to the Setup and Installation guide for proper usage of Docker, including using Docker Runtime and the appropriate Docker Pull and Docker Run commands for the 1.1.1 SynapseAI Software Stack.
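To check which image references on a host still point at the pre-fix builds, the following added example (not Habana's own tooling) classifies references using the affected OS paths and the date suffix given above. The function names and the sample list are constructed for illustration, and references are assumed to be tag-based rather than digest-pinned.

```shell
#!/bin/sh
# Added example: audit image references against the 1.1.1 advisory.
# OS paths and date suffix come from the advisory; function names are hypothetical.
# Assumes tag-based references (no @sha256 digests).
PATCH_SUFFIX="-202111222"
PREFIX="vault.habana.ai/gaudi-docker/1.1.1"

classify_image() {
    ref=$1
    case "$ref" in
        "$PREFIX"/amzn2/*|"$PREFIX"/centos8.3/*|"$PREFIX"/rhel8.3/*) ;;
        *) echo "not-impacted"; return 0 ;;   # Ubuntu images, 1.2.0, other registries
    esac
    name=${ref##*/}                           # last path component, e.g. image:tag
    case "$name" in
        *:*) tag=${name##*:} ;;
        *)   tag=latest ;;                    # Docker defaults a missing tag to latest
    esac
    case "$tag" in
        latest)           echo "re-pull" ;;   # mutable tag: local copy may be stale
        *"$PATCH_SUFFIX") echo "patched" ;;
        *)                echo "needs-update" ;;
    esac
}

# Print the rebuilt reference for a needs-update image; leave others unchanged.
patched_ref() {
    if [ "$(classify_image "$1")" = "needs-update" ]; then
        echo "$1$PATCH_SUFFIX"
    else
        echo "$1"
    fi
}

# Read one reference per line on stdin; print "status<TAB>reference to use".
audit() {
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        printf '%s\t%s\n' "$(classify_image "$ref")" "$(patched_ref "$ref")"
    done
}

# Constructed sample list (the Ubuntu path is illustrative, not taken from the advisory).
audit <<EOF
$PREFIX/amzn2/habanalabs/tensorflow-installer-tf-cpu-2.7.0:1.1.1-94
$PREFIX/amzn2/habanalabs/tensorflow-installer-tf-cpu-2.7.0:1.1.1-94-202111222
$PREFIX/amzn2/habanalabs/tensorflow-installer-tf-cpu-2.7.0:latest
$PREFIX/ubuntu20.04/habanalabs/tensorflow-installer-tf-cpu-2.7.0:1.1.1-94
EOF
```

On a real host, feed it the output of `docker images --format '{{.Repository}}:{{.Tag}}'` instead of the sample list. `:latest` is reported separately because a locally cached `latest` may predate the rebuilt image until it is pulled again.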
For more information on the vulnerability for each OS, please see the links below:
https://nvd.nist.gov/vuln/detail/CVE-2021-43527
https://alas.aws.amazon.com/AL2/ALAS-2021-1722.html
https://access.redhat.com/security/cve/CVE-2021-43527