Can we please upgrade the vulnerable packages below (some reports are from 2022) in the mysql:8 image? All the listed vulnerable packages have fixes available (see column 'FIXED-IN'). I scanned the image with https://github.com/anchore/grype.
```
grype.exe mysql:8
 ✔ Loaded image                          mysql:8
 ✔ Parsed image                          sha256:3818a28b4a67a9efab3547df8a292de847636d5903f7705d4ccbe1d281b20133
 ✔ Cataloged contents                    fafe0a304213677e0e00ed98fa2a248cad7a38dc3284d94ced8d8b16592e75d3
   ├── ✔ Packages                        [161 packages]
   ├── ✔ File digests                    [19,943 files]
   ├── ✔ File metadata                   [19,943 locations]
   └── ✔ Executables                     [568 executables]
 ✔ Scanned for vulnerabilities           [63 vulnerability matches]
   ├── by severity: 7 critical, 30 high, 24 medium, 1 low, 0 negligible (1 unknown)
   └── by status:   63 fixed, 0 not-fixed, 0 ignored
NAME                        INSTALLED            FIXED-IN                    TYPE       VULNERABILITY        SEVERITY
cryptography                42.0.8               43.0.1                      python     GHSA-h4gh-qq45-vh27  Medium
gnutls                      3.8.3-4.el9_4        10:3.8.3-4.el9_4_fips       rpm        ELSA-2024-12364      Medium
gnutls                      3.8.3-4.el9_4        10:3.7.6-23.el9_3.4_fips    rpm        ELSA-2024-12336      Medium
openssl                     1:3.2.2-6.0.1.el9_5  10:3.0.7-28.0.1.el9_4_fips  rpm        ELSA-2024-12675      Medium
openssl-libs                1:3.2.2-6.0.1.el9_5  10:3.0.7-28.0.1.el9_4_fips  rpm        ELSA-2024-12675      Medium
python-unversioned-command  3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
python3                     3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
python3-libs                3.9.19-8.el9_5.1     0:3.9.21-1.el9_5            rpm        ELSA-2024-10983      Medium
stdlib                      go1.18.2             1.21.11, 1.22.4             go-module  CVE-2024-24790       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29405       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29404       Critical
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29402       Critical
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-24540       Critical
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24538       Critical
stdlib                      go1.18.2             1.21.0-0                    go-module  CVE-2023-24531       Critical
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34158       High
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34156       High
stdlib                      go1.18.2             1.21.12, 1.22.5             go-module  CVE-2024-24791       High
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24784       High
stdlib                      go1.18.2             1.21.9, 1.22.2              go-module  CVE-2023-45288       High
stdlib                      go1.18.2             1.20.0                      go-module  CVE-2023-45287       High
stdlib                      go1.18.2             1.20.12, 1.21.5             go-module  CVE-2023-45285       High
stdlib                      go1.18.2             1.20.10, 1.21.3             go-module  CVE-2023-44487       High
stdlib                      go1.18.2             1.20.9, 1.21.2              go-module  CVE-2023-39323       High
stdlib                      go1.18.2             1.19.10, 1.20.5             go-module  CVE-2023-29403       High
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-29400       High
stdlib                      go1.18.2             1.19.9, 1.20.4              go-module  CVE-2023-24539       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24537       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24536       High
stdlib                      go1.18.2             1.19.8, 1.20.3              go-module  CVE-2023-24534       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41725       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41724       High
stdlib                      go1.18.2             1.19.6                      go-module  CVE-2022-41723       High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-41715       High
stdlib                      go1.18.2             1.17.13, 1.18.5             go-module  CVE-2022-32189       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30635       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30633       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30632       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30631       High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-30630       High
stdlib                      go1.18.2             1.17.11, 1.18.3             go-module  CVE-2022-30580       High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-2880        High
stdlib                      go1.18.2             1.18.7, 1.19.2              go-module  CVE-2022-2879        High
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-28131       High
stdlib                      go1.18.2             1.18.6                      go-module  CVE-2022-27664       High
stdlib                      go1.18.2             1.22.7, 1.23.1              go-module  CVE-2024-34155       Medium
stdlib                      go1.18.2             1.21.11, 1.22.4             go-module  CVE-2024-24789       Medium
stdlib                      go1.18.2             1.21.10, 1.22.3             go-module  CVE-2024-24787       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24783       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2023-45290       Medium
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2023-45289       Medium
stdlib                      go1.18.2             1.20.12, 1.21.5             go-module  CVE-2023-39326       Medium
stdlib                      go1.18.2             1.20.8, 1.21.1              go-module  CVE-2023-39319       Medium
stdlib                      go1.18.2             1.20.8, 1.21.1              go-module  CVE-2023-39318       Medium
stdlib                      go1.18.2             1.19.12, 1.20.7             go-module  CVE-2023-29409       Medium
stdlib                      go1.18.2             1.19.11, 1.20.6             go-module  CVE-2023-29406       Medium
stdlib                      go1.18.2             1.19.7, 1.20.2              go-module  CVE-2023-24532       Medium
stdlib                      go1.18.2             1.18.9, 1.19.4              go-module  CVE-2022-41717       Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-32148       Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-1962        Medium
stdlib                      go1.18.2             1.17.12, 1.18.4             go-module  CVE-2022-1705        Medium
stdlib                      go1.18.2             1.17.11, 1.18.3             go-module  CVE-2022-30629       Low
stdlib                      go1.18.2             1.21.8, 1.22.1              go-module  CVE-2024-24785       Unknown
```
JaneX8 changed the title from "Upgrade vulnerable packages in mysql:8 (LTS)" to "Upgrade (8) vulnerable packages in mysql:8 (LTS)" on Jan 8, 2025