alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

Update 3.17 libcrypto3/libssl3 to fix CVE-2022-3996 #296

Closed (sirkrypt0 closed this issue 1 year ago)

sirkrypt0 commented 1 year ago

Hi and thanks for maintaining this!

Today our vulnerability scanner failed because of the libcrypto3/libssl3 CVE-2022-3996 vulnerability.

┌────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│  Library   │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                       Title                        │
├────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2022-3996 │ HIGH     │ 3.0.7-r0          │ 3.0.7-r2      │ openssl: double locking leads to denial of service │
│            │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-3996          │
├────────────┤               │          │                   │               │                                                    │
│ libssl3    │               │          │                   │               │                                                    │
│            │               │          │                   │               │                                                    │
└────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘

The version 3.0.7-r2 seems to be available in 3.17-main with the patch applied.

Running `apk upgrade libssl3 libcrypto3` in my Dockerfile manually fixes the issue.

It would be awesome if you could update the 3.17 base image to include these latest fixes :)
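
The practical check behind this report is whether the libssl3/libcrypto3 version installed in the image is at or above the version the scanner lists as fixed (3.0.7-r2 versus the 3.0.7-r0 that ships in the base image). The script below is an added example, not code from the alpinelinux/docker-alpine project or from the issue author: it compares Alpine package versions of the `pkgver-rN` form and pulls the version out of a line in the format `apk list --installed` prints. The sample lines are constructed, and the comparison assumes plain dotted-numeric `pkgver` strings; apk's other suffixes (`_rc`, `_p`, `_git`, letter suffixes) are not handled.

```shell
#!/bin/sh
# Added example (not the project's own code): decide whether an installed Alpine
# package version is at or above the version a scanner reports as fixed.
# Assumption: versions are "X.Y.Z-rN" with numeric parts only.

# Compare two dotted numeric versions ("3.0.7" vs "3.0.10"); prints -1, 0 or 1.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; [ "$ah" = "$a" ] && a= || a=${a#*.}
        bh=${b%%.*}; [ "$bh" = "$b" ] && b= || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}          # missing components count as 0
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
    done
    echo 0
}

# Compare full apk versions "pkgver-rN"; the pkgver decides first, then the
# package release number rN (a missing -rN counts as r0). Prints -1, 0 or 1.
cmp_apk_version() {
    v1=$1; v2=$2
    p1=${v1%-r*}; r1=${v1##*-r}; [ "$r1" = "$v1" ] && r1=0
    p2=${v2%-r*}; r2=${v2##*-r}; [ "$r2" = "$v2" ] && r2=0
    c=$(cmp_dotted "$p1" "$p2")
    if [ "$c" != 0 ]; then echo "$c"; return; fi
    if [ "$r1" -lt "$r2" ]; then echo -1
    elif [ "$r1" -gt "$r2" ]; then echo 1
    else echo 0
    fi
}

# True (exit 0) when the installed version is at or above the fixed version.
is_fixed() {
    [ "$(cmp_apk_version "$1" "$2")" -ge 0 ]
}

# Extract the version for package $1 from a line in `apk list --installed`
# format, e.g. "libssl3-3.0.7-r2 x86_64 {openssl} (Apache-2.0) [installed]".
apk_list_version() {
    pkg=$1; line=$2
    first=${line%% *}
    echo "${first#"$pkg"-}"
}

# Constructed sample lines (not real output from this issue's scanner).
SAMPLE_VULN='libssl3-3.0.7-r0 x86_64 {openssl} (Apache-2.0) [installed]'
SAMPLE_FIXED='libssl3-3.0.7-r2 x86_64 {openssl} (Apache-2.0) [installed]'
FIXED_VERSION=3.0.7-r2   # "Fixed Version" column from the scanner table above

for line in "$SAMPLE_VULN" "$SAMPLE_FIXED"; do
    v=$(apk_list_version libssl3 "$line")
    if is_fixed "$v" "$FIXED_VERSION"; then
        echo "libssl3 $v: at or above $FIXED_VERSION"
    else
        echo "libssl3 $v: below $FIXED_VERSION, run: apk upgrade --no-cache libssl3 libcrypto3"
    fi
done
```

Inside a real container the `SAMPLE_*` lines would be replaced by `apk list --installed libssl3`; keeping the comparison in a function lets the same script gate an image build (`is_fixed || exit 1`) after the `apk upgrade` step the issue describes.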

robutex commented 1 year ago

I hope the alpine team will add some priority to this since the severity for it is HIGH.

tianon commented 1 year ago

https://github.com/docker-library/official-images/pull/13854 (this is updated now)

sirkrypt0 commented 1 year ago

Indeed, the latest image is updated and the vulnerability scanner is happy. Thanks :)