bell-sw / Liberica

Free and 100% open source Progressive Java Runtime for modern Java™ deployments supported by a leading OpenJDK contributor
https://bell-sw.com/pages/libericajdk/
GNU General Public License v2.0

Fix CVE-2023-2650 in Alpine Docker images #136

Closed DaniloHeide closed 1 year ago

DaniloHeide commented 1 year ago

Hi Bellsoft Team,

Thanks for the Docker images you provide. I wanted to ask if it would be possible for you to integrate the fix for CVE-2023-2650 into your Alpine Linux images (ref. https://github.com/alpinelinux/docker-alpine/issues/328)?

Thanks in advance!

DaniloHeide commented 1 year ago

Seems to be resolved. Thanks!

frankgrimes97 commented 1 year ago

@DaniloHeide In my testing it doesn't appear that the Liberica docker image has been updated with the latest Alpine OpenSSL CVE fixes:

$ docker run -it bellsoft/liberica-openjdk-alpine:20
/ # apk list -I | grep libssl
...
libssl3-3.1.0-r4 x86_64 {openssl} (Apache-2.0) [installed]

Here is the latest/fixed version of the upstream alpine-3.18 image (which I believe is 3.18.2 now):

$ docker run -it alpine:3.18
Unable to find image 'alpine:3.18' locally
3.18: Pulling from library/alpine
31e352740f53: Pull complete 
Digest: sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1
Status: Downloaded newer image for alpine:3.18
/ # apk list -I | grep libssl
...
libssl3-3.1.1-r1 x86_64 {openssl} (Apache-2.0) [installed]
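The check above (compare the libssl3 package installed in the Liberica image against the one shipped by the upstream alpine:3.18 image) can be scripted so it runs in CI instead of by hand. The script below is an added example, not code from the Liberica project or from either commenter. It takes the "fixed" version string 3.1.1-r1 from the alpine:3.18 output above, the two `apk list -I` lines are constructed copies of that output so the parsing and comparison run offline, and the `check_image` function (which shells out to docker and assumes the image lets `apk` run as its command) is the only part that needs a real image. The version comparator handles purely numeric Alpine versions of the form X.Y.Z-rN; inside a real image, `apk version -t OLD NEW` is the authoritative comparison because it also understands suffixes such as `_p1` or `1.1.1t`.

```shell
#!/bin/sh
# Added example: verify that the libssl3 package inside an Alpine-based image
# is at or above the version carrying the CVE-2023-2650 fix.
# Assumptions: FIXED_LIBSSL3 is the version shown by alpine:3.18 on this page;
# the SAMPLE_* lines are constructed copies of `apk list -I | grep libssl` output.

FIXED_LIBSSL3='3.1.1-r1'
SAMPLE_LIBERICA='libssl3-3.1.0-r4 x86_64 {openssl} (Apache-2.0) [installed]'
SAMPLE_ALPINE='libssl3-3.1.1-r1 x86_64 {openssl} (Apache-2.0) [installed]'

# apk_version NAME LINE -> prints the version of package NAME from one
# `apk list -I` line, e.g. "libssl3-3.1.0-r4 x86_64 ..." -> "3.1.0-r4".
apk_version() {
    pkg=${2%% *}                       # first field is NAME-VERSION
    case "$pkg" in
        "$1"-*) printf '%s\n' "${pkg#"$1"-}" ;;
        *) return 1 ;;                 # line is not about NAME
    esac
}

# version_ge A B -> exit 0 if Alpine-style version A (X.Y.Z-rN) is >= B.
# Only numeric components are handled; "-rN" is treated as one more component.
version_ge() {
    a=$(printf '%s\n' "$1" | sed 's/-r/./')
    b=$(printf '%s\n' "$2" | sed 's/-r/./')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; [ "$x" = "$a" ] && a='' || a=${a#*.}
        y=${b%%.*}; [ "$y" = "$b" ] && b='' || b=${b#*.}
        x=${x:-0}; y=${y:-0}           # missing components compare as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0                           # all components equal
}

# check_libssl3 LINE -> 0 if the libssl3 in LINE is fixed, 1 if still affected,
# 2 if LINE does not describe libssl3 at all.
check_libssl3() {
    v=$(apk_version libssl3 "$1") || return 2
    if version_ge "$v" "$FIXED_LIBSSL3"; then
        echo "libssl3 $v: at or above $FIXED_LIBSSL3 (fixed)"
    else
        echo "libssl3 $v: older than $FIXED_LIBSSL3 (still affected)"
        return 1
    fi
}

# check_image IMAGE -> same check against a real image (needs docker; assumes
# the image lets `apk` run as its command, as the interactive sessions above do).
check_image() {
    check_libssl3 "$(docker run --rm "$1" apk list -I libssl3)"
}

# Offline demonstration on the constructed samples; a failing check is not fatal here.
for line in "$SAMPLE_LIBERICA" "$SAMPLE_ALPINE"; do
    check_libssl3 "$line" || :
done
```

To use it against the images from the thread, call `check_image bellsoft/liberica-openjdk-alpine:20` and `check_image alpine:3.18`; a non-zero exit status from `check_image` is what a CI job should fail on.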

frankgrimes97 commented 1 year ago

FYI, I opened a new issue to track this: https://github.com/bell-sw/Liberica/issues/137