Vulnerabilities

[joe-eklund]

I am detecting these issues with my tenable scanning:

• CVE-2023-5678

  • Fix: Upgrade to >= OpenSSL 3.1.5
  • https://www.tenable.com/plugins/nessus/185161
  • https://nvd.nist.gov/vuln/detail/CVE-2023-5678

• CVE-2024-0853

  • Fix: Upgrade to > Curl 8.5.0
  • https://www.tenable.com/cve/CVE-2024-0853
  • https://nvd.nist.gov/vuln/detail/CVE-2024-0853

I believe these can be traced to Curl needing to be updated.

From inside the container:

/ # curl --version
curl 8.5.0 (x86_64-alpine-linux-musl) libcurl/8.5.0 OpenSSL/3.1.4 zlib/1.2.13 brotli/1.0.9 libidn2/2.3.4 nghttp2/1.57.0

[tmknight]

Sorry to troll, but I attempted a PR to keep Alpine updated, however, it was down voted. Indeed, you have an example of where keeping Alpine updated would be handy.

So I created a completely new project written in Rust, fully featured and secure. Hope this helps.

[stanthewizzard]

Sorry to troll, but I attempted a PR to keep Alpine updated, however, it was down voted. Indeed, you have an example of where keeping Alpine updated would be handy.

So I created a completely new project written in Rust, fully featured and secure. Hope this helps.

So this is the new container ?