Closed k725 closed 11 months ago
It looks like #328. I would appreciate it if you could update the base image.
┌────────────┬───────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├────────────┼───────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤ │ libcrypto3 │ CVE-2023-2975 │ LOW │ 3.1.1-r1 │ 3.1.1-r2 │ Issue summary: The AES-SIV cipher implementation contains a │ │ │ │ │ │ │ bug that c ...... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2975 │ ├────────────┤ │ │ │ │ │ │ libssl3 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └────────────┴───────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
We need libcrypto3 upgraded to 3.1.1-r3 now to fix yet another CVE:
Both of these CVEs have been upgraded to medium risk.
This issue has been fixed in 3.18.3 (latest).
It looks like #328. I would appreciate it if you could update the base image.