docker-library / httpd

Docker Official Image packaging for Apache HTTP Server
https://httpd.apache.org
Apache License 2.0

libldap-CVE-2022-29155 #215

Closed logidru closed 2 years ago

logidru commented 2 years ago

Hi

the current image contains libldap (2.6.0-r0)

installed via apr-util-ldap

apk add apr-util-ldap
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/4) Installing gdbm (1.22-r0)
(2/4) Installing libsasl (2.1.28-r0)
(3/4) Installing libldap (2.6.0-r0)
(4/4) Installing apr-util-ldap (1.6.1-r11)

One customer is complaining about

NVD - CVE-2022-29155 https://nvd.nist.gov/vuln/detail/CVE-2022-29155#vulnCurrentDescriptionTitle

Is there any workaround to fix this?

yosifkit commented 2 years ago

#216 just updated the base to alpine:3.16, so as soon as that goes through the process, the image will have the newer packages that are available in 3.16:

$ docker run -it --rm alpine:3.16
Unable to find image 'alpine:3.16' locally
3.16: Pulling from library/alpine
2408cc74d12b: Pull complete 
Digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c
Status: Downloaded newer image for alpine:3.16
/ # apk add libldap
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/3) Installing gdbm (1.23-r0)
(2/3) Installing libsasl (2.1.28-r0)
(3/3) Installing libldap (2.6.2-r0)
OK: 6 MiB in 17 packages
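The thread resolves the report by bumping the base image rather than patching in place, so the practical check for an operator is whether the libldap actually installed in an image is still the alpine:3.15 build (2.6.0-r0) or already the alpine:3.16 build (2.6.2-r0). The script below is an added example for this issue, not code from docker-library/httpd or Alpine: it parses the `apk add` progress lines quoted above and flags a libldap older than the 3.16 version. The threshold `FIXED_LIBLDAP` is taken from the 3.16 output in this thread and is an assumption about which version is acceptable, and `version_key` is a simplified approximation of apk's version ordering (numeric fields as integers, then the `-rN` release suffix), not apk's own comparator.

```python
"""Flag an Alpine-based image whose installed libldap is older than the
version shipped in alpine:3.16 (2.6.2-r0, per the apk output in this thread).

Added example for this issue; not part of docker-library/httpd or Alpine.
"""
import re

# Version observed in alpine:3.16 in the thread above; treated here as the
# minimum acceptable version (assumption, not an Alpine advisory value).
FIXED_LIBLDAP = "2.6.2-r0"

# Matches 'apk add' progress lines such as '(3/4) Installing libldap (2.6.0-r0)'.
INSTALL_RE = re.compile(r"^\(\d+/\d+\) Installing (\S+) \((\S+)\)$")


def parse_apk_add_output(text):
    """Map package name -> version from 'apk add' progress lines.
    Lines that are not 'Installing' lines (fetch, OK: ...) are ignored."""
    found = {}
    for line in text.splitlines():
        m = INSTALL_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found


def version_key(version):
    """Sort key for Alpine-style versions (simplified approximation of apk's
    ordering): split into numeric and alphabetic tokens; numbers compare as
    integers so 2.6.10 > 2.6.2, letters compare lexically.
    '2.6.2-r0' -> ((0,2),(0,6),(0,2),(1,'r'),(0,0))."""
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)


def older_than(installed, minimum):
    """True if `installed` sorts strictly below `minimum`."""
    return version_key(installed) < version_key(minimum)


def vulnerable_libldap(apk_output, minimum=FIXED_LIBLDAP):
    """Return the installed libldap version if it is below `minimum`,
    or None if libldap is absent or already at/above it."""
    pkgs = parse_apk_add_output(apk_output)
    v = pkgs.get("libldap")
    if v is not None and older_than(v, minimum):
        return v
    return None


# Constructed samples, copied from the two apk runs quoted in this issue.
ALPINE_315_OUTPUT = """\
(1/4) Installing gdbm (1.22-r0)
(2/4) Installing libsasl (2.1.28-r0)
(3/4) Installing libldap (2.6.0-r0)
(4/4) Installing apr-util-ldap (1.6.1-r11)
"""
ALPINE_316_OUTPUT = """\
(1/3) Installing gdbm (1.23-r0)
(2/3) Installing libsasl (2.1.28-r0)
(3/3) Installing libldap (2.6.2-r0)
OK: 6 MiB in 17 packages
"""

if __name__ == "__main__":
    for name, out in (("alpine:3.15", ALPINE_315_OUTPUT),
                      ("alpine:3.16", ALPINE_316_OUTPUT)):
        v = vulnerable_libldap(out)
        if v:
            print(f"{name}: libldap {v} is below {FIXED_LIBLDAP}")
        else:
            print(f"{name}: libldap at or above {FIXED_LIBLDAP}")
```

To apply this to a real build, capture the output of the `apk add` step from the image build log and pass it to `vulnerable_libldap`; for an already-built image the same idea works against the installed-package listing, but the regex would need adjusting to that format. The comparator deliberately stays simple; for anything beyond plain `X.Y.Z-rN` versions, defer to apk's own ordering rather than extending it.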

logidru commented 2 years ago

Thx