Need upgrade to Docker image for OpenSSL 1.1.1b-r1 due to CVE-2019-1543
(originally logged in https://github.com/alpinelinux/docker-alpine/issues/2)
See https://nvd.nist.gov/vuln/detail/CVE-2019-1543
This has already been fixed in the latest version of the packages which
are already in the v3.9 repo, so a simple apk upgrade will fix it at
runtime (or in a Dockerfile):
$ docker run -it --rm alpine:3.9 apk upgrade
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/4) Upgrading musl (1.1.20-r3 -> 1.1.20-r4)
(2/4) Upgrading libcrypto1.1 (1.1.1a-r1 -> 1.1.1b-r1)
(3/4) Upgrading libssl1.1 (1.1.1a-r1 -> 1.1.1b-r1)
(4/4) Upgrading musl-utils (1.1.20-r3 -> 1.1.20-r4)
Executing busybox-1.29.3-r10.trigger
OK: 6 MiB in 14 packages
I suspect all that needs to be done is a new image built…
(from redmine: issue id 10175, created on 2019-03-28)
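
A check built on the transcript above, as an added example that is not part of the original report or of the Alpine project's tooling: it reads apk upgrade output and reports pending upgrades of the two OpenSSL library packages, so a CI job can fail on an image that has fallen behind. The function names are hypothetical, and the embedded sample repeats the upgrade lines from the transcript.

```shell
#!/bin/sh
# Added example (not from the original report): flag pending OpenSSL
# library upgrades in `apk upgrade` output.

# The two packages that moved to 1.1.1b-r1 in the transcript above.
OPENSSL_PKGS="libcrypto1.1 libssl1.1"

# Reads apk upgrade output on stdin and prints "pkg old new" for every
# pending upgrade of a watched package.
# Exit status: 1 if at least one watched package is behind, 0 otherwise.
pending_openssl_upgrades() {
    awk -v pkgs="$OPENSSL_PKGS" '
        BEGIN { n = split(pkgs, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
        # Line shape: (2/4) Upgrading libcrypto1.1 (1.1.1a-r1 -> 1.1.1b-r1)
        $2 == "Upgrading" && ($3 in watch) && $5 == "->" {
            oldv = $4; newv = $6
            sub(/^\(/, "", oldv)   # strip the opening parenthesis
            sub(/\)$/, "", newv)   # strip the closing parenthesis
            print $3, oldv, newv
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Sample input: the upgrade lines from the transcript in the report.
sample_transcript() {
    cat <<'EOF'
(1/4) Upgrading musl (1.1.20-r3 -> 1.1.20-r4)
(2/4) Upgrading libcrypto1.1 (1.1.1a-r1 -> 1.1.1b-r1)
(3/4) Upgrading libssl1.1 (1.1.1a-r1 -> 1.1.1b-r1)
(4/4) Upgrading musl-utils (1.1.20-r3 -> 1.1.20-r4)
Executing busybox-1.29.3-r10.trigger
OK: 6 MiB in 14 packages
EOF
}

# Inside a container the input would come from a dry run instead:
#   apk upgrade --simulate | pending_openssl_upgrades
sample_transcript | pending_openssl_upgrades \
    || echo "image is behind on OpenSSL packages"
```
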