Closed
Description
Can we please upgrade the vulnerable packages below (some reports are from 2022) in the mysql:8 image? All the listed vulnerable packages have fixes available (see column 'FIXED-IN'). I scanned the image with https://github.com/anchore/grype.
```
grype.exe mysql:8
✔ Loaded image mysql:8
✔ Parsed image sha256:3818a28b4a67a9efab3547df8a292de847636d5903f7705d4ccbe1d281b20133
✔ Cataloged contents fafe0a304213677e0e00ed98fa2a248cad7a38dc3284d94ced8d8b16592e75d3
├── ✔ Packages [161 packages]
├── ✔ File digests [19,943 files]
├── ✔ File metadata [19,943 locations]
└── ✔ Executables [568 executables]
✔ Scanned for vulnerabilities [63 vulnerability matches]
├── by severity: 7 critical, 30 high, 24 medium, 1 low, 0 negligible (1 unknown)
└── by status: 63 fixed, 0 not-fixed, 0 ignored
NAME                        INSTALLED            FIXED-IN                    TYPE       VULNERABILITY        SEVERITY
cryptography                42.0.8               43.0.1                      python     GHSA-h4gh-qq45-vh27  Medium
gnutls                      3.8.3-4.el9_4        10:3.8.3-4.el9_4_fips       rpm        ELSA-2024-12364      Medium
gnutls                      3.8.3-4.el9_4        10:3.7.6-23.el9_3.4_fips    rpm        ELSA-2024-12336      Medium
openssl                     1:3.2.2-6.0.1.el9_5  10:3.0.7-28.0.1.el9_4_fips  rpm        ELSA-2024-12675      Medium
openssl-libs                1:3.2.2-6.0.1.el9_5  10:3.0.7-28.0.1.el9_4_fips  rpm        ELSA-2024-12675      Medium
python-unversioned-command  3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
python3                     3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
python3-libs                3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
stdlib                      go1.18.2             1.21.11, 1.22.4             go-module  CVE-2024-24790       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29405       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29404       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29402       Critical
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-24540       Critical
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24538       Critical
stdlib                      go1.18.2             1.21.0-0                    go-module  CVE-2023-24531       Critical
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34158       High
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34156       High
stdlib                      go1.18.2             1.21.12, 1.22.5             go-module  CVE-2024-24791       High
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24784       High
stdlib                      go1.18.2             1.21.9, 1.22.2              go-module  CVE-2023-45288       High
stdlib                      go1.18.2             1.20.0                      go-module  CVE-2023-45287       High
stdlib                      go1.18.2             1.20.12, 1.21.5             go-module  CVE-2023-45285       High
stdlib                      go1.18.2             1.20.10, 1.21.3             go-module  CVE-2023-44487       High
stdlib                      go1.18.2             1.20.9, 1.21.2              go-module  CVE-2023-39323       High
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29403       High
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-29400       High
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-24539       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24537       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24536       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24534       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41725       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41724       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41723       High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-41715       High
stdlib                      go1.18.2             1.17.13, 1.18.5             go-module  CVE-2022-32189       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30635       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30633       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30632       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30631       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30630       High
stdlib                      go1.18.2             1.17.11, 1.18.3             go-module  CVE-2022-30580       High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-2880        High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-2879        High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-28131       High
stdlib                      go1.18.2             1.18.6                      go-module  CVE-2022-27664       High
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34155       Medium
stdlib                      go1.18.2             1.21.11, 1.22.4             go-module  CVE-2024-24789       Medium
stdlib                      go1.18.2             1.21.10, 1.22.3             go-module  CVE-2024-24787       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24783       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2023-45290       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2023-45289       Medium
stdlib                      go1.18.2             1.20.12, 1.21.5             go-module  CVE-2023-39326       Medium
stdlib                      go1.18.2             1.20.8, 1.21.1              go-module  CVE-2023-39319       Medium
stdlib                      go1.18.2             1.20.8, 1.21.1              go-module  CVE-2023-39318       Medium
stdlib                      go1.18.2             1.19.12, 1.20.7             go-module  CVE-2023-29409       Medium
stdlib                      go1.18.2             1.19.11, 1.20.6             go-module  CVE-2023-29406       Medium
stdlib                      go1.18.2             1.19.7, 1.20.2              go-module  CVE-2023-24532       Medium
stdlib                      go1.18.2             1.18.9, 1.19.4              go-module  CVE-2022-41717       Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-32148       Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-1962        Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-1705        Medium
stdlib                      go1.18.2             1.17.11, 1.18.3             go-module  CVE-2022-30629       Low
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24785       Unknown
```