curl-docker icon indicating copy to clipboard operation
curl-docker copied to clipboard

Published 20 hours ago verified publisher icon curl

CVE-2022-37434-zlib found in curl image

Open prasoon-pxc opened this issue 3 years ago • 1 comments

There is security vulnerability (CVE-2022-37434) in alpine image and curl-docker image is using that image as a base image .

upgrade to alpine:3.15 should fix the problem.

SecurityVulnerability--> https://access.redhat.com/security/cve/CVE-2022-37434

prasoon-pxc avatar Sep 08 '22 09:09 prasoon-pxc

thx for the report - this does not directly affect curl - in any event we regularly update alpine to address CVE there and this one specifically will be part of next release (target date Oct 26, 2022)

xquery avatar Sep 08 '22 10:09 xquery

any update on this

prasoon-pxc avatar Oct 31 '22 06:10 prasoon-pxc

latest version of curl-docker addressed this by bumping to alpine 3.16.2 https://alpinelinux.org/posts/Alpine-3.13.12-3.14.8-3.15.6-3.16.2-released.html

xquery avatar Oct 31 '22 08:10 xquery