docker-library / php

Docker Official Image packaging for PHP
https://php.net
MIT License

Vulnerability CVE-2023-38408 found until version php 8.2 related to the OpenSSH agent #1436

Closed by xserrat 9 months ago

xserrat commented 1 year ago

Hi,

Using the php-8.X and php-7.X images as base images, I found a vulnerability that is considered critical, related to the OpenSSH agent.

I didn't see the vulnerability appearing in Docker Hub, so I wanted to share the issue with you.

A way to fix it is by upgrading OpenSSH to a version equal to or greater than 9.3p2, as commented in the CVE.

Thanks.

tianon commented 9 months ago

Sorry for the delay -- this image has since been rebuilt several times and thus would've picked up any available updates to this distribution-provided package, but you might find https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves to be interesting/useful regardless.

xserrat commented 9 months ago

No problem, thanks for the reply!