fix cve-2024-2511 - request to update libcrypto3 and libssl3
Package Information
- Package name:
libcrypto3
,libssl3
- Package version:
libcrypto3-3.1.4-r5
- New version:
3.1.4-r6
- Alpine version:
3.19.1
- Alpine architecture:
aarch64
,x86_64
Summary
CVE: https://avd.aquasec.com/nvd/2024/cve-2024-2511/
libcrypto3
and libssl3
need to be updated to address CVE.
Steps to reproduce
trivy can be used to detect the CVE:
Running: trivy image alpine:3.19.1
returns the following output:
Simply running apk upgrade
will update the dependencies and address the CVE.