We are using the python:3.9-slim-buster image for our service, and in the scan report it is being reported with vulnerability CVE-2022-2068, and the remediation is to update openssl to 1.1.1q. Could someone please help me update the openssl package to 1.1.1q in the python:3.9-slim-buster image?
FYI, the python:3.9-slim-buster image is shipped with openssl 1.1.1n.
It would also be fine if you could suggest any other version of the python image which has openssl version 1.1.1q. Please help to fix the vulnerability as it's getting escalated.
If I remember correctly, there was a similar report before, and I found out that Debian repositories didn't provide newer openssl versions, only Alpine repositories did. So you can either switch to Alpine-based python images, which could (but not necessarily will) lead to other issues since Alpine uses different libraries, or you use another base image (not python) in which you install Python. If the Python version that the repository of that distribution provides is not what you want, you can install Python from source code.
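
Whichever base image is chosen, the OpenSSL version the interpreter is actually linked against can be checked at build time. The script below is an added example, not part of the original posts: it parses OpenSSL's letter-suffixed version strings and compares the linked library with the 1.1.1q named in the question. The function names are hypothetical, and the check looks only at the upstream version string, so a distribution package that patches the library without changing that string would still be flagged.

```python
import re
import ssl
import sys

# Minimum version named in the question as the remediation for CVE-2022-2068.
REQUIRED = "1.1.1q"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return a sortable tuple from strings like 'OpenSSL 1.1.1n  15 Mar 2022'.

    OpenSSL 1.x marks patch releases with a trailing letter (1.1.1n < 1.1.1q)
    and continues past 'z' with two letters ('za', 'zb'), so the suffix is
    compared by length first and then alphabetically.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix), len(letters), letters)


def meets_minimum(found, required=REQUIRED):
    """True when the version in `found` is at least `required`."""
    return parse_openssl_version(found) >= parse_openssl_version(required)


def main():
    linked = ssl.OPENSSL_VERSION  # library this interpreter is linked against
    ok = meets_minimum(linked)
    print(f"{linked}: {'OK' if ok else 'older than ' + REQUIRED}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run from a `RUN` step in the Dockerfile, the non-zero exit status stops the build when the image still ships an older library.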