flyway/flyway-docker

Rebuild alpine image to include CVE-2022-28391 fix from the upstream

bpg opened this issue · 1 comments

bpg commented

The upstream eclipse-temurin:11-jre-alpine is built on top of alpine 3.15.4, which includes the fix for CVE-2022-28391, which is marked "critical":

$ docker run -it eclipse-temurin:11-jre-alpine /bin/cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.4
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

However, the last flyway:8-alpine build does not include alpine v3.15.4:

$ docker pull flyway/flyway:8-alpine
8-alpine: Pulling from flyway/flyway
Digest: sha256:81435ed5053016ea2621d8f5651171f233b167b9fdab71a7f239c6d8fc0343cc
Status: Image is up to date for flyway/flyway:8-alpine
docker.io/flyway/flyway:8-alpine
$ docker run -it --entrypoint /bin/sh flyway/flyway:8-alpine
~ $ cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.0
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

Would it be possible to rebuild the latest flyway:8-alpine using the up-to-date eclipse-temurin:11-jre-alpine base image to pick up that alpine fix?

Thanks a lot!

The Docker image has been redeployed with the latest alpine, and the build process is set to pull the newest by default.
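
The manual comparison in this thread (reading VERSION_ID from /etc/os-release and checking it against the release that carries the fix) can be scripted as a build or CI gate. This is an added example, not part of the original issue or the flyway-docker repository; the function names are hypothetical, and 3.15.4 is the patched release named in the issue.

```shell
#!/bin/sh
# Added example, not from the flyway-docker repo. Function names are hypothetical.
# 3.15.4 is the Alpine release the issue says carries the CVE-2022-28391 fix.

# version_ge A B: 0 if dotted numeric A >= B, 1 if A < B, 2 if either is malformed.
version_ge() {
    a=$1 b=$2
    case "$a" in ''|*[!0-9.]*) return 2 ;; esac
    case "$b" in ''|*[!0-9.]*) return 2 ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# check_alpine MIN: reads os-release text on stdin and prints a verdict.
# Returns 0 = at or above MIN, 1 = stale, 2 = cannot tell.
check_alpine() {
    min=$1
    text=$(tr -d '\r')   # "docker run -t" output carries CRs
    if ! printf '%s\n' "$text" | grep -Eq '^ID="?alpine"?$'; then
        echo "unknown: not an Alpine os-release"; return 2
    fi
    ver=$(printf '%s\n' "$text" | sed -n 's/^VERSION_ID=//p' | tr -d '"' | head -n 1)
    rc=0; version_ge "$ver" "$min" || rc=$?
    case $rc in
        0) echo "ok: alpine $ver >= $min" ;;
        1) echo "stale: alpine $ver < $min, rebuild on a fresh base" ;;
        *) echo "unknown: cannot compare '$ver' with '$min'"; rc=2 ;;
    esac
    return $rc
}

# Sample input, abridged from the os-release output quoted in the issue.
FLYWAY_8_ALPINE='NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.0'
TEMURIN_11_JRE_ALPINE='NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.4'

# Real use against a pulled image:
#   docker run --rm --entrypoint /bin/cat flyway/flyway:8-alpine /etc/os-release | check_alpine 3.15.4
printf '%s\n' "$FLYWAY_8_ALPINE" | check_alpine 3.15.4 || true
printf '%s\n' "$TEMURIN_11_JRE_ALPINE" | check_alpine 3.15.4
```

VERSION_ID is a coarse proxy for patch level; an image scanner that inspects the installed packages gives a more exact answer.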