Security vulnerabilities in alpine:3.18/3.18.6

[OlgasAcc]

Hello,

We use a few external images in the project. The Aqua security scanner has flagged vulnerabilities due to the utilization of an Alpine version 3.18 and 3.18.6:

CVE-2023-43788 libxpm
CVE-2023-43789 libxpm
CVE-2024-0853 libcurl
CVE-2024-0853 curl
CVE-2023-42363 busybox-binsh
CVE-2023-42364 busybox-binsh
CVE-2023-42365 busybox-binsh
CVE-2023-42366 busybox-binsh
CVE-2023-42366 busybox-binsh
CVE-2023-42363 ssl_client
CVE-2023-42364 ssl_client
CVE-2023-42365 ssl_client
CVE-2023-42366 ssl_client
CVE-2023-42363 busybox
CVE-2023-42364 busybox
CVE-2023-42365 busybox
CVE-2023-42366 busybox

To close these security tickets is critical for our upcoming GA release.
To address these security concerns, updating to Alpine version 3.19.1 resolves these issues, but maintainers of the images are awaiting fixes in additional releases of the v3.18.
Would it be feasible for you to provide the necessary fixes for 3.18?

Thanks and Best regards,
Olga

[EelcoLos]

can confirm CVE-2023-42363 up to CVE-2023-42366 (CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366) are also in alpine-busybox 1.36.1-r15, which is retrieved while using tags: alpine:3, 3.19, 3.19.1, latest