alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

Update to Alpine 3.15.16 to mitigate CVE-2022-0185? #229

Closed p-bakker closed 2 years ago

p-bakker commented 2 years ago

See https://ubuntu.com/security/CVE-2022-0185

The kernel version got bumped to 5.15.16 for Alpine Linux 3.15-stable, see https://gitlab.alpinelinux.org/alpine/aports/-/issues/13475

Looks like the current images use Alpine Linux 3.15.0, so not up to date: https://github.com/alpinelinux/docker-alpine/tree/v3.15

ghost commented 2 years ago

Docker images don't contain the kernel; therefore it's not necessary to upgrade them when the kernel gets an update.

To check if the Docker image needs an update, run apk upgrade inside the Docker image.

For Docker Alpine 3.15 image, you will get the following results:

/ # apk upgrade
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/3) Upgrading ca-certificates-bundle (20191127-r7 -> 20211220-r0)
(2/3) Upgrading libcrypto1.1 (1.1.1l-r7 -> 1.1.1l-r8)
(3/3) Upgrading libssl1.1 (1.1.1l-r7 -> 1.1.1l-r8)
OK: 6 MiB in 14 packages

The update of libcrypto1.1 and libssl1.1 from 1.1.1l-r7 to 1.1.1l-r8 was done to provide openssl1.1-compat-libs-static; that's not a security issue. So only the update of the ca-certificates might be security related.
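The check described in the comment above (run apk upgrade inside the image and look at what it would change) can be automated so that a stale base image is noticed in CI rather than by hand. The script below is an added example and is not part of the docker-alpine repository: parse_apk_upgrades turns the "(n/m) Upgrading pkg (old -> new)" lines from apk into one "package old new" line each, count_pending_upgrades counts them, and check_image is an assumed CI policy (fail when any upgrade is pending) that runs the same check against a real image with docker and apk upgrade --simulate. The embedded SAMPLE_APK_OUTPUT is the apk output from the comment above, included so the parser runs without Docker or network access.

```shell
#!/bin/sh
# Added example, not code from the docker-alpine project: detect pending
# package upgrades in an Alpine image from `apk upgrade` output.

# parse_apk_upgrades: read apk output on stdin, print "package old new"
# for every "(n/m) Upgrading package (old -> new)" line.
parse_apk_upgrades() {
    sed -n 's/^([0-9]*\/[0-9]*) Upgrading \([^ ]*\) (\(.*\) -> \(.*\))$/\1 \2 \3/p'
}

# count_pending_upgrades: number of packages apk would upgrade (stdin).
count_pending_upgrades() {
    parse_apk_upgrades | wc -l | tr -d ' '
}

# Constructed sample: the apk output quoted in the comment above, embedded
# so the functions can be exercised offline.
SAMPLE_APK_OUTPUT='fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/3) Upgrading ca-certificates-bundle (20191127-r7 -> 20211220-r0)
(2/3) Upgrading libcrypto1.1 (1.1.1l-r7 -> 1.1.1l-r8)
(3/3) Upgrading libssl1.1 (1.1.1l-r7 -> 1.1.1l-r8)
OK: 6 MiB in 14 packages'

# check_image IMAGE: assumed CI policy (not the project's): run the real
# check in a throwaway container with `apk upgrade --simulate` (prints the
# plan without applying it), list the pending upgrades, and return non-zero
# when there are any. Needs docker and network access; returns 2 if the
# container could not be run.
check_image() {
    image=$1
    out=$(docker run --rm "$image" \
        sh -c 'apk update >/dev/null 2>&1 && apk upgrade --simulate' 2>/dev/null) || return 2
    printf '%s\n' "$out" | parse_apk_upgrades
    n=$(printf '%s\n' "$out" | count_pending_upgrades)
    [ "$n" -eq 0 ]
}

# Stand-alone demo on the constructed sample: prints the three upgrades.
printf '%s\n' "$SAMPLE_APK_OUTPUT" | parse_apk_upgrades
```

A real run would be check_image alpine:3.15 (or whatever tag your Dockerfile pins); a non-zero exit means the tag has package updates pending, which is the signal that a rebuild is worth considering, whereas a kernel CVE alone, as the comment explains, is not.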

p-bakker commented 2 years ago

Tnx for educating me!