The OpenSSL Project will release a security fix (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html) for a new-and-disclosed CVE on Tuesday, November 1, 2022. Docker estimates about 1,000 image repositories could be impacted across various Docker Official Images and Docker Verified Publisher images.
Docker created a placeholder for the OpenSSL CVE, which we’ll soon replace with the official CVE once it’s disclosed.
And if Docker doesn’t detect a vulnerable version of OpenSSL in your image, you’ll see the following: INFO DSA-2022-0001 not detected
As mentioned earlier, we’ll update this blog once the OpenSSL Project provides more vulnerability details.