Vulnerability in `binutils 2.41-r0` – CVE-2023-25584

alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!

MIT License

1.04k stars 261 forks source link

Open artawck opened 4 months ago

artawck commented 4 months ago

Hi Alpine team,

I'm using the latest officially available version of the binutils, which is 2.41-r0.

However, it has a vulnerability CVE-2023-25584 in it, which is ranked as High Severity one during my analysis.

I have two questions about this:

is there an alternate way to get rid of the vulnerability?
did you have a chance to look at binutils@ 2.42 and maybe you have some ETA when it will be available for further usage?

Thanks, AA

chereskata commented 3 months ago

Hi,

thank you for your report. As of Feb 19, 2024 the binutils package is up to date, see https://pkgs.alpinelinux.org/package/edge/main/x86_64/binutils

I would recommend to open issues on the official Alpine Gitlab: https://gitlab.alpinelinux.org/alpine/aports