#1637 closed task (fixed)

nginx:alpine latest (from 9/12/2018) uses alpine v3.7.1

Reported by: hairylime@… Owned by:
Priority: critical Milestone: 1.15.4
Component: other Version: 1.15.x
Keywords: Cc:
uname -a: Linux 5ca008f213f0 4.9.93-linuxkit-aufs #1 SMP Wed Jun 6 16:55:56 UTC 2018 x86_64 Linux
nginx -V: nginx version: nginx/1.15.3 built by gcc 6.4.0 (Alpine 6.4.0) u

Description

There's a critical security problem in apk that requires updates to 3.8.x: https://justi.cz/security/2018/09/13/alpine-apk-rce.html

Change History (2)

comment:1 Changed 11 months ago by hairylime@…

Just for completeness - I'm looking at image sha256:994032453556b56420d66d53b7d8db1a74e1193165e2a070e50f533d849d9833

/opt # cat /etc/alpine-release
3.7.1

comment:2 Changed 11 months ago by thresh

  • Resolution set to fixed
  • Status changed from new to closed

The alpine images were rebuilt with fixed apk and pushed to the docker hub/store under the same tags as before. Please re-download your images. For more information, see https://github.com/nginxinc/docker-nginx/issues/271 .

Note: See TracTickets for help on using tickets.