alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967) #7867

ncopa · 2020-04-23T14:43:51Z

fixes security issue in openssl.

tianon · 2020-04-23T15:20:19Z

Diff:

diff --git a/_bashbrew-list b/_bashbrew-list
index fb212f7..09c4d7b 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -2,11 +2,11 @@ alpine:3
 alpine:3.8
 alpine:3.8.5
 alpine:3.9
-alpine:3.9.5
+alpine:3.9.6
 alpine:3.10
-alpine:3.10.4
+alpine:3.10.5
 alpine:3.11
-alpine:3.11.5
+alpine:3.11.6
 alpine:20200319
 alpine:edge
 alpine:latest
diff --git a/alpine_3.10/Dockerfile b/alpine_3.10/Dockerfile
index 0c0dac7..33f5579 100644
--- a/alpine_3.10/Dockerfile
+++ b/alpine_3.10/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.10.4-x86_64.tar.gz /
+ADD alpine-minirootfs-3.10.5-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_3.10/alpine-minirootfs-3.10.4-x86_64.tar.gz b/alpine_3.10/alpine-minirootfs-3.10.5-x86_64.tar.gz
similarity index 31%
rename from alpine_3.10/alpine-minirootfs-3.10.4-x86_64.tar.gz
rename to alpine_3.10/alpine-minirootfs-3.10.5-x86_64.tar.gz
index 771014f..ec39579 100644
Binary files a/alpine_3.10/alpine-minirootfs-3.10.4-x86_64.tar.gz and b/alpine_3.10/alpine-minirootfs-3.10.5-x86_64.tar.gz differ
diff --git a/alpine_3.10/alpine-minirootfs-3.10.4-x86_64.tar.gz  'tar -t' b/alpine_3.10/alpine-minirootfs-3.10.5-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_3.10/alpine-minirootfs-3.10.4-x86_64.tar.gz  'tar -t'
rename to alpine_3.10/alpine-minirootfs-3.10.5-x86_64.tar.gz  'tar -t'
diff --git a/alpine_3.9/Dockerfile b/alpine_3.9/Dockerfile
index 979da4a..4d8a6df 100644
--- a/alpine_3.9/Dockerfile
+++ b/alpine_3.9/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.9.5-x86_64.tar.gz /
+ADD alpine-minirootfs-3.9.6-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_3.9/alpine-minirootfs-3.9.5-x86_64.tar.gz b/alpine_3.9/alpine-minirootfs-3.9.6-x86_64.tar.gz
similarity index 31%
rename from alpine_3.9/alpine-minirootfs-3.9.5-x86_64.tar.gz
rename to alpine_3.9/alpine-minirootfs-3.9.6-x86_64.tar.gz
index 1988ab7..0809984 100644
Binary files a/alpine_3.9/alpine-minirootfs-3.9.5-x86_64.tar.gz and b/alpine_3.9/alpine-minirootfs-3.9.6-x86_64.tar.gz differ
diff --git a/alpine_3.9/alpine-minirootfs-3.9.5-x86_64.tar.gz  'tar -t' b/alpine_3.9/alpine-minirootfs-3.9.6-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_3.9/alpine-minirootfs-3.9.5-x86_64.tar.gz  'tar -t'
rename to alpine_3.9/alpine-minirootfs-3.9.6-x86_64.tar.gz  'tar -t'
diff --git a/alpine_latest/Dockerfile b/alpine_latest/Dockerfile
index f5e6fa3..eb47723 100644
--- a/alpine_latest/Dockerfile
+++ b/alpine_latest/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.11.5-x86_64.tar.gz /
+ADD alpine-minirootfs-3.11.6-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_latest/alpine-minirootfs-3.11.5-x86_64.tar.gz b/alpine_latest/alpine-minirootfs-3.11.6-x86_64.tar.gz
similarity index 30%
rename from alpine_latest/alpine-minirootfs-3.11.5-x86_64.tar.gz
rename to alpine_latest/alpine-minirootfs-3.11.6-x86_64.tar.gz
index 7f07b9a..b72a381 100644
Binary files a/alpine_latest/alpine-minirootfs-3.11.5-x86_64.tar.gz and b/alpine_latest/alpine-minirootfs-3.11.6-x86_64.tar.gz differ
diff --git a/alpine_latest/alpine-minirootfs-3.11.5-x86_64.tar.gz  'tar -t' b/alpine_latest/alpine-minirootfs-3.11.6-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_latest/alpine-minirootfs-3.11.5-x86_64.tar.gz  'tar -t'
rename to alpine_latest/alpine-minirootfs-3.11.6-x86_64.tar.gz  'tar -t'

tianon · 2020-04-23T15:26:42Z

LGTM

Just FYI, our queue is currently pretty bloated due to #7858 (this and #7865 will be further compounding that 😅).

Build test of #7867; 7b9e188; amd64 (alpine):

$ bashbrew build alpine:20200319
Using bashbrew/cache:c0f2ab8b8eaac3728572056a51bcb6080bc04ec848c9519ed16b2d4b540eecdc (alpine:20200319)
Tagging alpine:20200319
Tagging alpine:edge

$ test/run.sh alpine:20200319
testing alpine:20200319
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build alpine:3.11.6
Building bashbrew/cache:9c31a419fd838530c7aaa9aafd55c66ba4cf0644337369765531d548afeb5531 (alpine:3.11.6)
Tagging alpine:3.11.6
Tagging alpine:3.11
Tagging alpine:3
Tagging alpine:latest

$ test/run.sh alpine:3.11.6
testing alpine:3.11.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build alpine:3.10.5
Building bashbrew/cache:99937e1a0034ed66f19b41693eec5219b4547620cab8bec0f06f851a0be2ae47 (alpine:3.10.5)
Tagging alpine:3.10.5
Tagging alpine:3.10

$ test/run.sh alpine:3.10.5
testing alpine:3.10.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build alpine:3.9.6
Building bashbrew/cache:cb337dd2666ba6128140d79517c3d90ca94454efb7373f647bf5159631c69e01 (alpine:3.9.6)
Tagging alpine:3.9.6
Tagging alpine:3.9

$ test/run.sh alpine:3.9.6
testing alpine:3.9.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build alpine:3.8.5
Using bashbrew/cache:6340953e14c91329c661fdef665d5ab188765632a3d8a00c8c47d6b65448107b (alpine:3.8.5)
Tagging alpine:3.8.5
Tagging alpine:3.8

$ test/run.sh alpine:3.8.5
testing alpine:3.8.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed

alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967)

7b9e188

fixes security issue in openssl.

docker-library-bot added the library/alpine label Apr 23, 2020

tianon mentioned this pull request Apr 23, 2020

Update Ubuntu #7865

Merged

tianon merged commit 1c114c1 into docker-library:master Apr 23, 2020

This was referenced Apr 23, 2020

Multiple CVEs docker-library/ruby#316

Closed

openssl security issue on debian stable images docker-library/php#1006

Closed

ncopa deleted the alpine-3.11.6 branch April 29, 2020 09:02

yosifkit mentioned this pull request Sep 25, 2020

nginx:alpine CVE-2020-24977 nginxinc/docker-nginx#453

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967) #7867

alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967) #7867

ncopa commented Apr 23, 2020

tianon commented Apr 23, 2020

tianon commented Apr 23, 2020

alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967) #7867

alpine: bump 3.11.6, 3.10.5 and 3.9.6 (CVE-2020-1967) #7867

Conversation

ncopa commented Apr 23, 2020

tianon commented Apr 23, 2020

tianon commented Apr 23, 2020