hashicorp / vault-k8s

First-class support for Vault and Kubernetes.
Mozilla Public License 2.0

update alpine image to fix CVE-2023-6129, 2024-0727, 2023-62372 #587

Closed kschoche closed 8 months ago

kschoche commented 8 months ago

Resolves recent openssl CVEs:

## Packages and Vulnerabilities

   0C     0H     1M     0L     2?  openssl 3.1.4-r2
pkg:apk/alpine/openssl@3.1.4-r2?os_name=alpine&os_version=3.19

    ✗ MEDIUM CVE-2023-6129
      https://scout.docker.com/v/CVE-2023-6129?s=alpine&n=openssl&ns=alpine&t=apk&osn=alpine&osv=3.19&vr=%3C3.1.4-r3
      Affected range : <3.1.4-r3
      Fixed version  : 3.1.4-r3

    ✗ UNSPECIFIED CVE-2024-0727
      https://scout.docker.com/v/CVE-2024-0727?s=alpine&n=openssl&ns=alpine&t=apk&osn=alpine&osv=3.19&vr=%3C3.1.4-r5
      Affected range : <3.1.4-r5
      Fixed version  : 3.1.4-r5

    ✗ UNSPECIFIED CVE-2023-6237
      https://scout.docker.com/v/CVE-2023-6237?s=alpine&n=openssl&ns=alpine&t=apk&osn=alpine&osv=3.19&vr=%3C3.1.4-r4
      Affected range : <3.1.4-r4
      Fixed version  : 3.1.4-r4

3 vulnerabilities found in 1 package
  UNSPECIFIED  2
  LOW          0
  MEDIUM       1
  HIGH         0
  CRITICAL     0
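The scanner output above gives, per CVE, an affected range and a fixed version, and the image carried openssl 3.1.4-r2; deciding which findings actually apply to a given installed version (and which single package version closes all of them) requires comparing Alpine `-rN` release suffixes correctly. The following is an added example, not code from the vault-k8s project or the PR author: it parses the docker scout findings quoted above (embedded inline as a constructed sample, URLs shortened) and checks an installed version against each affected range. It assumes only `<X` ranges, as in this report, and a simplified apk version ordering (`X.Y.Z-rN`; apk's full ordering with suffixes such as `_p1` is not modelled).

```python
import re

# Constructed sample: the docker scout findings from the PR description, URLs shortened.
SCOUT_REPORT = """\
    ✗ MEDIUM CVE-2023-6129
      https://scout.docker.com/v/CVE-2023-6129?s=alpine&n=openssl
      Affected range : <3.1.4-r3
      Fixed version  : 3.1.4-r3

    ✗ UNSPECIFIED CVE-2024-0727
      https://scout.docker.com/v/CVE-2024-0727?s=alpine&n=openssl
      Affected range : <3.1.4-r5
      Fixed version  : 3.1.4-r5

    ✗ UNSPECIFIED CVE-2023-6237
      https://scout.docker.com/v/CVE-2023-6237?s=alpine&n=openssl
      Affected range : <3.1.4-r4
      Fixed version  : 3.1.4-r4
"""

# One finding: marker line, optional URL line, affected range, fixed version.
FINDING_RE = re.compile(
    r"✗\s+(?P<severity>\S+)\s+(?P<cve>CVE-\d{4}-\d+)\s*\n"
    r"(?:\s+https?://\S+\s*\n)?"
    r"\s+Affected range\s*:\s*(?P<range>\S+)\s*\n"
    r"\s+Fixed version\s*:\s*(?P<fixed>\S+)"
)


def parse_apk_version(version):
    """Split an Alpine package version such as '3.1.4-r3' into a comparable tuple.

    Assumption: the 'X.Y.Z-rN' shape only; a missing '-rN' suffix counts as r0.
    This is a simplification of apk's full version ordering.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported apk version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    release = int(m.group(2) or 0)
    return numbers, release


def parse_findings(report):
    """Return a list of dicts, one per CVE finding in the scout report text."""
    return [
        {"cve": m["cve"], "severity": m["severity"],
         "range": m["range"], "fixed": m["fixed"]}
        for m in FINDING_RE.finditer(report)
    ]


def in_affected_range(installed, affected_range):
    """True if 'installed' falls inside a '<X' affected range (the only shape here)."""
    if not affected_range.startswith("<"):
        raise ValueError(f"unsupported range syntax: {affected_range!r}")
    return parse_apk_version(installed) < parse_apk_version(affected_range[1:])


def open_cves(installed, findings):
    """CVE ids that still apply to the installed version, sorted for stable output."""
    return sorted(f["cve"] for f in findings if in_affected_range(installed, f["range"]))


def minimum_fixed_version(findings):
    """The lowest package version that closes every finding: the highest 'Fixed version'."""
    return max((f["fixed"] for f in findings), key=parse_apk_version)


if __name__ == "__main__":
    findings = parse_findings(SCOUT_REPORT)
    # 3.1.4-r2 is the version the scanner reported in the image.
    for installed in ("3.1.4-r2", "3.1.4-r3", "3.1.4-r4", "3.1.4-r5"):
        print(installed, "->", open_cves(installed, findings) or "no open findings")
    print("upgrade target:", minimum_fixed_version(findings))
```

Note that bumping to 3.1.4-r3 or -r4 would leave findings open; only the highest fixed version (3.1.4-r5) clears all three, which is why the check computes the maximum across findings rather than fixing one CVE at a time.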

kschoche commented 8 months ago

Looks like there's also a dependabot PR for this too: #586

Did not see that, I'll close it then, thanks!