alpine:latest has CVE-2019-14697 #34

Closed
tgerlach opened this issue Aug 12, 2019 · 7 comments

tgerlach commented Aug 12, 2019

Vulnerable Packages Found
=========================

Vulnerability ID   Policy Status   Affected Packages   How to Resolve
CVE-2019-14697     Active          musl                Upgrade musl to >= 1.1.22-r3

tianon commented Aug 12, 2019

More specifically, all supported versions 3.7 - 3.10 are affected:

  • alpine:3.10.1: musl=1.1.22-r2 fixed by 1.1.22-r3
  • alpine:3.9.4: musl=1.1.20-r4 fixed by 1.1.20-r5
  • alpine:3.8.4: musl=1.1.19-r10 fixed by 1.1.19-r11
  • alpine:3.7.3: musl=1.1.18-r3 fixed by 1.1.18-r4


ncopa commented Aug 13, 2019

Please note that this only affects 32 bit x86 (aka i386).


mizeng commented Aug 16, 2019

How to resolve this? Could we have a new version of alpine?


ncopa commented Aug 21, 2019

alpine:3.10/alpine:latest is fixed with docker-library/official-images@6122677


ncopa commented Aug 21, 2019

Users who are using 32 bit images can do apk upgrade -U until new releases are made for alpine:3.9, alpine:3.8 and alpine:3.7.
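
The per-branch fixed versions and the i386-only note from the comments above can be turned into a quick image check. This is an added example, not part of the original thread or the Alpine project's tooling; the function names are hypothetical, and the architecture argument is assumed to be what `apk --print-arch` reports (`x86` on 32-bit x86).

```sh
#!/bin/sh
# Added example: classify an Alpine image for CVE-2019-14697 using the
# fixed musl versions listed in this thread. Function names are hypothetical.

# Print the fixed musl version for an Alpine release such as "3.10.1".
fixed_musl_for() {
    case "$1" in
        3.10|3.10.*) echo "1.1.22-r3" ;;
        3.9|3.9.*)   echo "1.1.20-r5" ;;
        3.8|3.8.*)   echo "1.1.19-r11" ;;
        3.7|3.7.*)   echo "1.1.18-r4" ;;
        *)           return 1 ;;          # branch not covered by the thread
    esac
}

# Return 0 if version $1 is older than $2. Both must have the form A.B.C-rN.
# The release number is compared numerically, so r10 sorts after r4.
ver_lt() {
    a_main=${1%-r*}; a_rel=${1##*-r}
    b_main=${2%-r*}; b_rel=${2##*-r}
    if [ "$a_main" != "$b_main" ]; then
        oldest=$(printf '%s\n%s\n' "$a_main" "$b_main" |
                 sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
        [ "$oldest" = "$a_main" ]
        return
    fi
    [ "$a_rel" -lt "$b_rel" ]
}

# Usage: classify_musl RELEASE ARCH MUSL_VERSION
# Prints: not-affected-arch | unknown-release | fixed | vulnerable <fixed version>
classify_musl() {
    case "$2" in
        x86|i386) ;;                      # per the thread, only 32-bit x86 is affected
        *) echo "not-affected-arch"; return 0 ;;
    esac
    fixed=$(fixed_musl_for "$1") || { echo "unknown-release"; return 0; }
    if ver_lt "$3" "$fixed"; then
        echo "vulnerable $fixed"
    else
        echo "fixed"
    fi
}

# Constructed demo input: the four images named in the thread, taken as 32-bit x86.
for img in "3.10.1 1.1.22-r2" "3.9.4 1.1.20-r4" "3.8.4 1.1.19-r10" "3.7.3 1.1.18-r3"; do
    set -- $img
    echo "alpine:$1 musl=$2 -> $(classify_musl "$1" x86 "$2")"
done
```

On a running container the release string can be read from /etc/alpine-release; a "vulnerable" result on a 32-bit image is the case the `apk upgrade -U` advice above applies to.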


camp-007 commented Oct 7, 2019

Is the intention to patch 3.9 (or other versions) as well? Or will we be required to update the minor version to receive this?

@ingokofler

@ncopa is 3.9 still maintained?

This overview https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases is giving me the impression that I will still get security fixes until November 2020 but as it seems this is not the case. What's the official strategy on providing bugfixes for Docker images?

PascalBourdier pushed a commit to PascalBourdier/flannel that referenced this issue May 6, 2020

statbit pushed a commit to adobe-platform/aad-pod-identity that referenced this issue Sep 30, 2021
3.10.1 has a high severity vulnerability being raised on our CSP. It's good to be on latest anyway.

alpinelinux/docker-alpine#34

novad03 pushed a commit to novad03/azure-pod-identity that referenced this issue Nov 25, 2023
3.10.1 has a high severity vulnerability being raised on our CSP. It's good to be on latest anyway.

alpinelinux/docker-alpine#34

ncopa closed this as completed Jul 2, 2024