From 9bea7610f0b98ba9457d117720303a9bf628620b Mon Sep 17 00:00:00 2001
From: Sergey <6213510+sshnaidm@users.noreply.github.com>
Date: Tue, 4 Jul 2023 10:23:53 +0300
Subject: [PATCH] security: update base Alpine image to 3.18.2 to avoid
 security risks (#4571)

libcrypto3 and libssl3 in Alpine 3.18.0 have versions `3.1.0-r4`
which contains CVE-2023-2650:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
Use ALpine image 3.18.2 which contains fixed versions of libssl3
and libcrypto3: 3.1.1-r0
NB: In Openshift these containers are marked as vulnerabilities
because of these CVEs.
---
 app/vmui/Dockerfile-web    | 2 +-
 deployment/docker/Makefile | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/vmui/Dockerfile-web b/app/vmui/Dockerfile-web
index e446e29e0..19539efce 100644
--- a/app/vmui/Dockerfile-web
+++ b/app/vmui/Dockerfile-web
@@ -6,7 +6,7 @@ COPY web/ /build/
 RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o web-amd64 github.com/VictoriMetrics/vmui/ && \
     GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o web-windows github.com/VictoriMetrics/vmui/
 
-FROM alpine:3.18.0
+FROM alpine:3.18.2
 USER root
 
 COPY --from=build-web-stage /build/web-amd64 /app/web
diff --git a/deployment/docker/Makefile b/deployment/docker/Makefile
index b1392cbcf..2a417fc00 100644
--- a/deployment/docker/Makefile
+++ b/deployment/docker/Makefile
@@ -2,10 +2,10 @@
 
 DOCKER_NAMESPACE ?= victoriametrics
 
-ROOT_IMAGE ?= alpine:3.18.0
+ROOT_IMAGE ?= alpine:3.18.2
 
-# Use alpine:3.17.3 instead of 3.18.0 for CERTS_IMAGE
-# because alpine:3.18.0 is broken for cross-platform builds
+# Use alpine:3.17.3 instead of 3.18.2 for CERTS_IMAGE
+# because alpine:3.18.2 is broken for cross-platform builds
 # TODO: sync it with ROOT_IMAGE when it will be fixed in the new alpine releases
 CERTS_IMAGE := alpine:3.17.3