GluuFederation/gluu-docker

Bump Alpine to v3.9.3 to mitigate CVE-2019-5021

iromli opened this issue · 2 comments

According to https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782, Alpine since v3.3 has a vulnerability where it contains a NULL password for the root user.

A simple quick check:

$ docker run --rm alpine:3.8 cat /etc/shadow | grep root
root:::0:::::

As our images are based on alpine:3.8, we need to address this issue ASAP.

An alternative to mitigate this issue is to upgrade to Alpine v3.9.3.

$ docker run --rm alpine:3.9 cat /etc/shadow | grep root
root:!::0:::::
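The check above, generalized to every account in a shadow file rather than only root (an added example, not part of the original issue or the project's code). The function names and the `bin` sample entry are assumptions made for illustration; the two `root` lines are the ones shown above.

```shell
#!/bin/sh
# Added example: flag accounts whose shadow password field is empty.
# In /etc/shadow the 2nd colon-separated field holds the password hash:
#   ""        -> NULL password (the CVE-2019-5021 condition for root)
#   "!" / "*" -> no valid hash, password login is disabled
#   anything else is treated as a hash and not flagged

# empty_pw_accounts [FILE]: print the name of each account with an empty
# password field. Reads standard input when FILE is omitted, so it can be fed
# from: docker run --rm alpine:3.8 cat /etc/shadow | empty_pw_accounts
empty_pw_accounts() {
    awk -F: 'NF >= 2 && $1 !~ /^#/ && $2 == "" { print $1 }' "${1:--}"
}

# check_shadow FILE: return 0 if no account has a NULL password, 1 otherwise.
check_shadow() {
    bad=$(empty_pw_accounts "$1")
    if [ -n "$bad" ]; then
        # $bad is left unquoted on purpose: one output line per account name.
        printf 'NULL password: %s\n' $bad >&2
        return 1
    fi
    return 0
}

# make_samples DIR: write two constructed shadow files for a dry run.
# The root entries match the alpine:3.8 and alpine:3.9 output quoted above;
# the bin entry is constructed.
make_samples() {
    printf 'root:::0:::::\nbin:!::0:::::\n'  > "$1/shadow.vulnerable"
    printf 'root:!::0:::::\nbin:!::0:::::\n' > "$1/shadow.fixed"
}
```

Because `check_shadow` returns non-zero on a finding, it can gate an image build step once the image's `/etc/shadow` has been written to a file.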

All gluufederation/*:3.1.5 images have been released.

All gluufederation/*:3.1.6 images have been released.