Bump Alpine to v3.9.3 to mitigate CVE-2019-5021
iromli opened this issue · 2 comments
iromli commented
According to https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782, Alpine since v3.3 has a vulnerability where it contains a NULL password for the root user.
A simple quick check:
$ docker run --rm alpine:3.8 cat /etc/shadow | grep root
root:::0:::::
As our images are based on alpine:3.8, we need to address this issue ASAP.
An alternative to mitigate this issue is to upgrade to Alpine v3.9.3:
docker run --rm alpine:3.9 cat /etc/shadow | grep root
root:!::0:::::
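The quick check above, generalized to every account in a shadow file, as an added example that is not part of the original issue. The function names `classify_shadow` and `empty_password_accounts` and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Classify accounts in shadow(5)-format text read from stdin.
# Field 2 is the password field. Prints "user<TAB>state" per account:
#   EMPTY     - field is empty, no password is required (the CVE-2019-5021 condition)
#   LOCKED    - field starts with "!" or "*", password login is disabled
#   HASH      - anything else (a password hash)
#   MALFORMED - line has no ":" separator
classify_shadow() {
    awk -F: '
        $0 == "" || $0 ~ /^#/ { next }
        NF < 2       { printf "%s\tMALFORMED\n", $1; next }
        $2 == ""     { printf "%s\tEMPTY\n", $1; next }
        $2 ~ /^[!*]/ { printf "%s\tLOCKED\n", $1; next }
                     { printf "%s\tHASH\n", $1 }
    '
}

# Print only the names of accounts whose password field is empty.
empty_password_accounts() {
    classify_shadow | awk -F'\t' '$2 == "EMPTY" { print $1 }'
}

# Constructed sample input: the first line mirrors the alpine:3.8 output
# shown above; the remaining lines are made up for illustration.
SAMPLE_SHADOW='root:::0:::::
bin:!::0:::::
daemon:*::0:::::
svc:$6$constructedsalt$constructedhash:17000:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow

# Against an image, pipe the real file in instead of the sample:
#   docker run --rm alpine:3.8 cat /etc/shadow | empty_password_accounts
```

Any name printed by `empty_password_accounts` is an account that needs a locked or hashed password field before the image ships.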
iromli commented
All gluufederation/*:3.1.5 images have been released.
iromli commented
All gluufederation/*:3.1.6 images have been released.