Security vulnerabilities in alpine:3.18/3.18.6
Hello,
We use a few external images in the project. The Aqua security scanner has flagged vulnerabilities due to the utilization of an Alpine version 3.18 and 3.18.6:
CVE-2023-43788 libxpm CVE-2023-43789 libxpm CVE-2024-0853 libcurl CVE-2024-0853 curl CVE-2023-42363 busybox-binsh CVE-2023-42364 busybox-binsh CVE-2023-42365 busybox-binsh CVE-2023-42366 busybox-binsh CVE-2023-42363 ssl_client CVE-2023-42364 ssl_client CVE-2023-42365 ssl_client CVE-2023-42366 ssl_client CVE-2023-42363 busybox CVE-2023-42364 busybox CVE-2023-42365 busybox CVE-2023-42366 busybox
To resolve these security tickets is critical for our upcoming GA release. To address these security concerns, updating to Alpine version 3.19.1 resolves the issues, but maintainers of the images are awaiting fixes in additional releases of the v3.18. Would it be feasible for you to provide the necessary fixes for 3.18 (a new package)?