Upgrading statsd-graphite container to mitigate critical CVE



https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782 came out last week, showing that all Alpine 3.x versions contain a NULL root password, allowing for easy remote authentication. I am specifically concerned about the registry.replicated.com/library/statsd-graphite:1.0.1 container, which is affected by this.

I have updated to the latest Replicated (version 2.35.1 (git="9d29a4c", date="2019-05-01 01:51:20 +0000 UTC")); however, there was no change to this container. Is there a timeline for an update, or can anyone provide a suggested path to doing so manually?

Thank you!
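
One way to check whether a given image carries the NULL root password described in the post, as an added example that is not part of the original post or of Replicated's tooling: the functions below audit a shadow(5)-format file for accounts whose password field is empty. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a shadow(5)-format file
# for accounts whose password field (field 2) is empty.

# empty_password_accounts FILE
# Prints one account name per line.
# Returns 0 if none were found, 1 if any were found, 2 if FILE is unreadable.
empty_password_accounts() {
    [ -r "$1" ] || return 2
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF >= 2 && $2 == "" { print $1; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# root_password_state FILE
# Prints "empty", "locked" or "set" for the root entry, "missing" if absent.
# A field starting with ! or * can never match a password hash (locked).
root_password_state() {
    awk -F: '
        $1 == "root" {
            seen = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
            exit
        }
        END { if (!seen) print "missing" }
    ' "$1"
}

# Constructed sample input: root has an empty password field, daemon is
# locked, app has a placeholder hash.
sample=$(mktemp)
printf '%s\n' \
    'root:::0:::::' \
    'daemon:!::0:::::' \
    'app:$6$constructedsalt$constructedhash:18000:0:99999:7:::' > "$sample"
echo "root password state: $(root_password_state "$sample")"
empty_password_accounts "$sample" || echo "^ accounts with an empty password field"
rm -f "$sample"
```

To run it against the image from the post, save the image's `/etc/shadow` to a file first, for example with `docker run --rm --entrypoint cat registry.replicated.com/library/statsd-graphite:1.0.1 /etc/shadow > shadow.txt` (this assumes the image ships `cat`), then pass `shadow.txt` to both functions.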