Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.

CVE-2023-51385 and CVE-2023-38408 in Runtime 17.3 LTS in Azure Gov Databricks

moto-charles
New Contributor II

My org is running Databricks in Azure Gov and recently upgraded from runtime 17.1 to 17.3 LTS. Around the same time as the upgrade, our security team found 17 CVEs, two of which are related to OpenSSH. We have already contacted Microsoft and they stated Databricks needed to update the images to use a more recent version of OpenSSH. Databricks, can you confirm this and possibly resolve the CVEs in Azure Gov Databricks? Thanks.

Accepted Solutions

Ashwin_DSA
Databricks Employee

Hi @moto-charles,

For an authoritative statement on CVE-2023-51385 and CVE-2023-38408 in your specific workspace and region (Azure Gov), the best path is to open a support ticket from your Azure Databricks workspace. That allows Databricks Support and Security to confirm the applicability of these specific CVEs to your configuration and images, and to provide concrete guidance on risk and on any recommended maintenance update or runtime upgrade path.

That way, you get an official answer that your security team can rely on for their assessment and documentation. The community cannot reliably provide this confirmation.

If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.

Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***

2 REPLIES

moto-charles
New Contributor II

CVE-2023-51385 and CVE-2023-38408
