Closed p-bakker closed 2 years ago
Docker images don't contain the kernel, therefore it's not necessary to upgrade them, when the kernel gets an update.
To check, if the docker image needs an update, run apk upgrade
inside the docker image.
For Docker Alpine 3.15 image, you will get the following results:
/ # apk upgrade
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/3) Upgrading ca-certificates-bundle (20191127-r7 -> 20211220-r0)
(2/3) Upgrading libcrypto1.1 (1.1.1l-r7 -> 1.1.1l-r8)
(3/3) Upgrading libssl1.1 (1.1.1l-r7 -> 1.1.1l-r8)
OK: 6 MiB in 14 packages
The update of libcrypto1.1 and libssl1.1 from 1.1.1l-r7 to 1.1.1l-r8 was done to provide openssl1.1-compat-libs-static, that's not a security issue. So only the update of the ca-certificates might be security related.
Tnx for educating me!
See https://ubuntu.com/security/CVE-2022-0185
The kernel version got bumped to 5.15.16 for Alpine Linux 3.15-stable, see https://gitlab.alpinelinux.org/alpine/aports/-/issues/13475
Looks like the current images use Alpine Linux 3.15.0, so not up to date: https://github.com/alpinelinux/docker-alpine/tree/v3.15