Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
  • Issues 739
    • Issues 739
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 324
    • Merge requests 324
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpinealpine
  • aportsaports
  • Issues
  • #11820
Closed
Open
Issue created Aug 06, 2020 by erweiss@erweiss

Alpine Docker 3.12 image vulnerable to CVE-2018-1000500 - (BusyBox)

There was a fix submitted in response to this vulnerability as referenced here: https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 on 5/20/2020.

The Alpine 3.12 release; however, still referenced busybox 1.31.1 version. On July 2, 2020 an upgrade to busybox 1.32.0 was included in Alpine branch main/busybox. This would resolve the current CVE-2018-1000500 issue. When will a patch release be rolled out to include this SSL vulnerability?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking