Wolfi OS base image used for eturnal contains OpenSSL version affected by CVE-2026-4437, CVE-2026-4438, CVE-2026-4046, CVE-2026-27171, CVE-2026-27171

[maksimpuzynya]

Hi team!

The Wolfi OS base image used to build eturnal containers seems like contains versions affected by follow CVEes:
glibc ( used 2.43-r0) QID: CVE-2026-4437 - fixed in the packages 2.43-r4
glibc ( used 2.43-r0) QID: CVE-2026-4438 - fixed in the packages 2.43-r4
glibc ( used 2.43-r0) QID: CVE-2026-4046 - fixed in the packages 2.43-r6
zlib (used 1.3.1.2-r3) QID: CVE-2026-27171 - fixed in the packages 1.3.2-r0
openssl (used 3.6.1-r1) QID: CVE-2026-2673 - fixed in the packages 3.6.1-r3

Could you please rebuild eturnal images with the latest Wolfi OS base image?

Thanks in advance!

[weiss]

Just for the record: As far as I can see, none of the mentioned CVEs should affect the eturnal container.

But yes, maybe we should just blindly update the container on every CVE fix. Probably the easier workflow.

[zinid]

But yes, maybe we should just blindly update the container on every CVE fix. Probably the easier workflow.

@weiss can we simply update the container?

[weiss]

can we simply update the container?

That's the plan. If @sando38 doesn't get round to it next week I'll have a look.

[sando38]

I bumped the container version in 16a5848. The new base image should hopefully drop CVEs to zero.

[weiss]

Thanks! So we can close this issue, I guess?

[miralin]

Thanks @weiss @sando38, our security scan doesn't show any CVE reported for 1.12.2-r3, so I think you can close this one.