Describe the bug
As part of our gate for accepting container images we have a Trivy scan. This scan is reporting CRITICAL vulnerabilities on v0.17.0 images.
To Reproduce
❯ docker run aquasec/trivy image --ignore-unfixed -s "CRITICAL" docker.io/hashicorp/vault-k8s:0.17.0
2022-08-17T08:48:29.798Z INFO Need to update DB
2022-08-17T08:48:29.798Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-08-17T08:48:29.798Z INFO Downloading DB...
33.68 MiB / 33.68 MiB [-------------------------------------------------] 100.00% 12.07 MiB p/s 3.0s
2022-08-17T08:48:33.527Z INFO Vulnerability scanning is enabled
2022-08-17T08:48:33.527Z INFO Secret scanning is enabled
2022-08-17T08:48:33.527Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-08-17T08:48:33.527Z INFO Please see also https://aquasecurity.github.io/trivy/v0.31.0/docs/secret/scanning/#recommendation for faster secret detection
2022-08-17T08:48:35.709Z INFO Detected OS: alpine
2022-08-17T08:48:35.709Z INFO Detecting Alpine vulnerabilities...
2022-08-17T08:48:35.710Z INFO Number of language-specific files: 1
2022-08-17T08:48:35.710Z INFO Detecting gobinary vulnerabilities...
docker.io/hashicorp/vault-k8s:0.17.0 (alpine 3.16.1)
====================================================
Total: 1 (CRITICAL: 1)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: a heap-based buffer over-read or buffer overflow in │
│ │ │ │ │ │ inflate in inflate.c... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
Expected behavior
No critical vulnerability with available fix should be reported.