133
308
2
Events
Alpine CVE-2023-0464 / CVE-2023-0465
Update Alpine v3.14 - 3.14.10
Update Alpine v3.16 - 3.16.5
Update Alpine v3.15 - 3.15.8
Are the alpine container images compliant with FIPS?
Are the alpine container images compliant with FIPS? If not, when can we expect them to become a part of the image?
Are the alpine container images compliant with FIPS?
No, alpine is not FIPS certified and it is uncertain if it will ever be. Someone needs to sponsor the work to:
- investigate what needs to be done to see if it possible at all
- do the actual work (special buidl will be required likely)
- pay for the FIPS certificate (if needed)
Please reach out to me in private if there are anyone willing to sponsor this.
Update Alpine v3.17 - 3.17.3
Update Alpine v3.17 - 3.17.1
the alpine version 3.17.2 is having medium vulnerabilities in libcrpyto3 and libsssl
releases are coming out today
Update Alpine edge - 20230329
ncopa push k0sproject/k0s
Bump go-sqlite3 to v1.14.16
https://github.com/mattn/go-sqlite3/releases/tag/v1.14.15 https://github.com/mattn/go-sqlite3/releases/tag/v1.14.16 https://github.com/mattn/go-sqlite3/compare/v1.14.14...v1.14.16
Fixes CVE-2022-35737.
See: https://github.com/mattn/go-sqlite3/issues/1095 Signed-off-by: Tom Wieczorek twieczorek@mirantis.com
Merge pull request #2799 from twz123/bump-go-sqlite3
Bump go-sqlite3 to v1.14.16
Bump go-sqlite3 to v1.14.16
Description
https://github.com/mattn/go-sqlite3/releases/tag/v1.14.15 https://github.com/mattn/go-sqlite3/releases/tag/v1.14.16 https://github.com/mattn/go-sqlite3/compare/v1.14.14...v1.14.16
Fixes CVE-2022-35737.
See mattn/go-sqlite3#1095.
Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Documentation update
How Has This Been Tested?
- [ ] Manual test
- [ ] Auto test added
Checklist:
- [x] My code follows the style guidelines of this project
- [x] My commit messages are signed-off
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [x] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream modules
- [x] I have checked my code and corrected any misspellings
Use docker-cli-compose.
fixes https://github.com/liske/dpns/issues/1
alpine: bump 3.14.9, 3.15.7, 3.16.4 and 3.17.2
Includes openssl security fixes:
- CVE-2022-4203
- CVE-2022-4304
- CVE-2022-4450
- CVE-2023-0215
- CVE-2023-0216
- CVE-2023-0217
- CVE-2023-0286
- CVE-2023-0401
alpine: bump 3.14.9, 3.15.7, 3.16.4 and 3.17.2
Includes openssl security fixes:
- CVE-2022-4203
- CVE-2022-4304
- CVE-2022-4450
- CVE-2023-0215
- CVE-2023-0216
- CVE-2023-0217
- CVE-2023-0286
- CVE-2023-0401
Update Alpine v3.17 - 3.17.2
Update Alpine v3.16 - 3.16.4
Update Alpine v3.15 - 3.15.7
Update Alpine v3.14 - 3.14.9
alpine: edge snapshot 20230208
Are there image rebuilds or releases planned for any of the other versions to include the same CVE fixes?
yes, but they may take a bit more time
