Docker-alpine: CVE-2017-15650 musl rebuild

Created on 24 Oct 2017  路  4Comments  路  Source: gliderlabs/docker-alpine

As mentioned in #347 there has been a security release of musl. I have file a bug on the alpine bug tracker which has lead to a backport into the 3.2, 3.3, 3.4, 3.5 and 3.6 releases.

I believe all of those images should also be rebuilt (in addition to the suggested rebuild of edge in the above linked issue) to include this security release.

release upstream
Source
picture oarmstrong

Most helpful comment

We'll try to get the builds out today, hopefully with #352.

picture andyshinn on 25 Oct 2017
👍4

All 4 comments

We'll try to get the builds out today, hopefully with #352.

andyshinn picture andyshinn on 25 Oct 2017
👍4

Any update on timeline for this? I've switched to :edge for now, which includes musl 1.1.17-r1.

mitchellrj picture mitchellrj on 27 Oct 2017

It looks like it's been done when I pulled the image this morning. An official closure would be handy though.

/ # apk info musl
musl-1.1.16-r14 description:
the musl c library (libc) implementation

musl-1.1.16-r14 webpage:
http://www.musl-libc.org/

musl-1.1.16-r14 installed size:
581632

https://git.alpinelinux.org/cgit/aports/tree/main/musl/APKBUILD?h=3.6-stable references 1.1.16-r14 as the fixed version. All good as far as I can tell.

oarmstrong picture oarmstrong on 27 Oct 2017

Yes, it was done in #352.

andyshinn picture andyshinn on 27 Oct 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

IdanAdar picture IdanAdar  路  4Comments
dinogun picture dinogun  路  3Comments
mterzo picture mterzo  路  4Comments
kooksee picture kooksee  路  4Comments
rmNyro picture rmNyro  路  3Comments