https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151985#M53734 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/143601">@moto-charles</a>,</P> <P class="wnfdntd" data-pm-slice="1 1 []">For an authoritative statement on CVE‑2023‑51385 and CVE‑2023‑38408 in your specific workspace and region (Azure Gov), the best path is to open a support ticket from your Azure Databricks workspace. That allows Databricks Support and Security to&nbsp;<SPAN>confirm the applicability of these specific CVEs to your configuration and images, and&nbsp;to&nbsp;</SPAN><SPAN>provide concrete guidance on risk and on any recommended maintenance update or runtime upgrade path.</SPAN></P> <P class="wnfdntd">That way, you get an official answer that your security team can rely on for their assessment and documentation. The community<SPAN>&nbsp;cannot reliably provide this confirmation.</SPAN></P> <P class="p1"><FONT size="2" color="#FF6600"><STRONG><I>If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.</I></STRONG></FONT><I></I></P> <P class="wnfdntd">&nbsp;</P> Wed, 25 Mar 2026 10:31:55 GMT Ashwin_DSA 2026-03-25T10:31:55Z https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151178#M53609 <P>My org is running Databricks in Azure Gov and recently upgraded from runtime 17.1 to 17.3 LTS.&nbsp; Around the same time as the upgrade, our security team found 17 CVE's, two of which are related to openssh.&nbsp; We have already contacted Microsoft and they stated Databricks needed to update the images to use a more recent version of openssh.&nbsp; Databricks can you confirm this and possibly resolve the CVEs in Azure Gov Databricks?&nbsp; Thanks</P> Tue, 17 Mar 2026 19:22:19 GMT https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151178#M53609 moto-charles 2026-03-17T19:22:19Z https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151179#M53610 <P><SPAN>CVE-2023-51385 and CVE-2023-38408</SPAN></P> Tue, 17 Mar 2026 19:22:49 GMT https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151179#M53610 moto-charles 2026-03-17T19:22:49Z https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151985#M53734 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/143601">@moto-charles</a>,</P> <P class="wnfdntd" data-pm-slice="1 1 []">For an authoritative statement on CVE‑2023‑51385 and CVE‑2023‑38408 in your specific workspace and region (Azure Gov), the best path is to open a support ticket from your Azure Databricks workspace. That allows Databricks Support and Security to&nbsp;<SPAN>confirm the applicability of these specific CVEs to your configuration and images, and&nbsp;to&nbsp;</SPAN><SPAN>provide concrete guidance on risk and on any recommended maintenance update or runtime upgrade path.</SPAN></P> <P class="wnfdntd">That way, you get an official answer that your security team can rely on for their assessment and documentation. The community<SPAN>&nbsp;cannot reliably provide this confirmation.</SPAN></P> <P class="p1"><FONT size="2" color="#FF6600"><STRONG><I>If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.</I></STRONG></FONT><I></I></P> <P class="wnfdntd">&nbsp;</P> Wed, 25 Mar 2026 10:31:55 GMT https://community.databricks.com/t5/data-engineering/cve-2023-51385-and-cve-2023-38408-in-runtime-17-3-lts-in-azure/m-p/151985#M53734 Ashwin_DSA 2026-03-25T10:31:55Z