yobasystems / alpine-mariadb

MariaDB running on Alpine Linux [Docker]
https://hub.docker.com/r/yobasystems/alpine-mariadb/

Critical severity vulnerability found in zlib/zlib - yobasystems/alpine-mariadb:10 #62

Closed tip2tail closed 2 years ago

tip2tail commented 2 years ago

Hello

I scanned the latest image for vulnerabilities and found that it is affected by a problem in the alpine base image.

Suggest that the base image is updated to resolve this.

THANK YOU for your work on this project!

M

docker scan yobasystems/alpine-mariadb:10

Testing yobasystems/alpine-mariadb:10...

✗ Critical severity vulnerability found in zlib/zlib
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE316-ZLIB-2976176
  Introduced through: zlib/zlib@1.2.12-r1, apk-tools/apk-tools@2.12.9-r3, curl/libcurl@7.83.1-r2, libxml2/libxml2@2.9.14-r0, mariadb/mariadb@10.6.8-r0, mariadb/mariadb-client@10.6.8-r0, perl/perl@5.34.1-r0
  From: zlib/zlib@1.2.12-r1
  From: apk-tools/apk-tools@2.12.9-r3 > zlib/zlib@1.2.12-r1
  From: curl/libcurl@7.83.1-r2 > zlib/zlib@1.2.12-r1
  and 4 more...
  Fixed in: 1.2.12-r2

Package manager:   apk
Project name:      docker-image|yobasystems/alpine-mariadb
Docker image:      yobasystems/alpine-mariadb:10
Platform:          linux/amd64
Base image:        alpine:3.16.1

Tested 35 dependencies for known vulnerabilities, found 1 vulnerability.

Base Image     Vulnerabilities  Severity
alpine:3.16.1  1                1 critical, 0 high, 0 medium, 0 low

Recommendations for base image upgrade:

Minor upgrades
Base Image  Vulnerabilities  Severity
alpine:3    0                0 critical, 0 high, 0 medium, 0 low
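The report above is Snyk's plain-text `docker scan` format. As an added example (not code from this issue or from the alpine-mariadb project), the script below parses that format, using the finding quoted above as constructed input, and decides whether each reported package is actually affected by comparing the installed Alpine package version against the "Fixed in" version; it then applies the same comparison to the reported base-image tag. The version comparison handles numeric dotted versions with an optional `-rN` package release, which covers every string on this page but not apk's full scheme (`_alpha`, `_p1` and similar suffixes); that simplification is an assumption of the example.

```python
import re

# Constructed sample: the finding block and base-image line from the
# `docker scan` output quoted in this issue.
SCAN_OUTPUT = """\
Testing yobasystems/alpine-mariadb:10...

✗ Critical severity vulnerability found in zlib/zlib
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE316-ZLIB-2976176
  Introduced through: zlib/zlib@1.2.12-r1, apk-tools/apk-tools@2.12.9-r3, curl/libcurl@7.83.1-r2
  From: zlib/zlib@1.2.12-r1
  From: apk-tools/apk-tools@2.12.9-r3 > zlib/zlib@1.2.12-r1
  and 4 more...
  Fixed in: 1.2.12-r2

Base image:        alpine:3.16.1
"""

# Numeric dotted version with an optional Alpine "-rN" package release.
# Assumption: suffixes such as _alpha or _p1 are not handled here.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-r(\d+))?")


def parse_apk_version(version):
    """Split '1.2.12-r1' into ([1, 2, 12], 1); a missing -rN counts as release 0."""
    m = _VERSION_RE.fullmatch(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = [int(part) for part in m.group(1).split(".")]
    release = int(m.group(2)) if m.group(2) is not None else 0
    return numbers, release


def apk_version_lt(a, b):
    """True if version a sorts before version b (numeric parts first, then -rN)."""
    nums_a, rel_a = parse_apk_version(a)
    nums_b, rel_b = parse_apk_version(b)
    width = max(len(nums_a), len(nums_b))
    nums_a = nums_a + [0] * (width - len(nums_a))  # treat 3.16 as 3.16.0
    nums_b = nums_b + [0] * (width - len(nums_b))
    return (nums_a, rel_a) < (nums_b, rel_b)


def parse_findings(scan_text):
    """Turn each '✗ ... severity vulnerability found in <pkg>' block into a dict."""
    findings = []
    current = None
    for raw in scan_text.splitlines():
        line = raw.strip()
        m = re.search(r"(\w+) severity vulnerability found in (\S+)$", line)
        if m:
            current = {"severity": m.group(1).lower(), "package": m.group(2),
                       "installed": None, "fixed_in": None, "info": None,
                       "affected": None}
            findings.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Info:"):
            current["info"] = line.split(":", 1)[1].strip()
        elif line.startswith("Introduced through:"):
            # The vulnerable package's own entry gives the installed version.
            for entry in line.split(":", 1)[1].split(","):
                name, _, ver = entry.strip().partition("@")
                if name == current["package"]:
                    current["installed"] = ver
        elif line.startswith("Fixed in:"):
            current["fixed_in"] = line.split(":", 1)[1].strip()
    for f in findings:
        if f["installed"] and f["fixed_in"]:
            f["affected"] = apk_version_lt(f["installed"], f["fixed_in"])
    return findings


def parse_base_image(scan_text):
    """Return the 'Base image:' reference from the report, e.g. 'alpine:3.16.1'."""
    m = re.search(r"^\s*Base image:\s*(\S+)", scan_text, re.MULTILINE)
    return m.group(1) if m else None


def base_image_needs_upgrade(image_ref, minimum_tag):
    """True if the image tag is older than the release that carries the fix.
    Only meaningful for pinned numeric tags; a floating tag such as alpine:3
    compares as 3.0.0 and should be resolved to a digest or full tag first."""
    _, _, tag = image_ref.partition(":")
    return apk_version_lt(tag, minimum_tag)


if __name__ == "__main__":
    for f in parse_findings(SCAN_OUTPUT):
        status = "AFFECTED" if f["affected"] else "not affected"
        print(f"{f['package']}: installed {f['installed']}, fixed in "
              f"{f['fixed_in']} -> {status} ({f['info']})")
    base = parse_base_image(SCAN_OUTPUT)
    print(f"{base}: needs upgrade to 3.16.2? {base_image_needs_upgrade(base, '3.16.2')}")
```

Run against the quoted report this flags `zlib/zlib` as affected (1.2.12-r1 sorts before 1.2.12-r2) and `alpine:3.16.1` as needing the 3.16.2 base, which matches the maintainer's fix of bumping the base image. Rebuilding on a floating tag such as `alpine:3` also resolves it, but a pinned tag or digest is what makes the check above reproducible in CI.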

dominictayloruk commented 2 years ago

Fixed in the newer image

https://www.alpinelinux.org/posts/Alpine-3.13.12-3.14.8-3.15.6-3.16.2-released.html

Will update later

tip2tail commented 2 years ago

Thanks @dominictayloruk

Has this been updated yet? Just so you know there is now a second vulnerability in the base image too: https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-2987456

M

dominictayloruk commented 2 years ago

Base image updated to 3.16.2; once builds complete, work will commence on updating this image.

dominictayloruk commented 2 years ago

Fixed in 0d2d73466732ca4e0a7979b63812e46d93394981