cve-2023-0286 - Githubissues

alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!

MIT License

1.04k stars 261 forks source link

cve-2023-0286 #301

Closed lengrongfu closed 1 year ago

lengrongfu commented 1 year ago

https://avd.aquasec.com/nvd/cve-2023-0286
https://avd.aquasec.com/nvd/cve-2023-0286

stefanha commented 1 year ago

There is a package update available: https://git.alpinelinux.org/aports/commit/main/openssl?h=3.17-stable&id=524302e205a5b43c2bb48d041bcb10ccf2b480f9

@ncopa What triggers an alpine Docker image rebuild? I see this repo says the miniroot is 3.17.1, which should include the openssl 3.0.8-rc0 package, but the image still contains 3.0.7-rc2.

stefanha commented 1 year ago

This has been fixed in the latest alpine:3.17 image. apk info libssl3 now shows 3.0.8-rc0.

lengrongfu commented 1 year ago

Thanks !