docker-alpine icon indicating copy to clipboard operation
docker-alpine copied to clipboard

Published 20 hours ago verified publisher icon alpinelinux

libxml2 vulnerablility CVE-2022-2309 in alpine:3.16.0

Open fred214 opened this issue 2 years ago • 7 comments

Hi, I noticed in alpine:3.16.0 the libxml2 version is 2.9.14-r0, does this version fix the vulnerability? Many thanks

fred214 avatar Jul 21 '22 08:07 fred214

@fred214 could you confirm in 3.16.1 that it is present too?

shakaran avatar Aug 26 '22 13:08 shakaran

Hi, I noticed in alpine:3.16.0 the libxml2 version is 2.9.14-r0, does this version fix the vulnerability? Many thanks

The same to me when using the alpine:latest (3.16.2)

docker run --rm alpine:3.16 cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.16.2
PRETTY_NAME="Alpine Linux v3.16"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"

apk libxml2 info
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.16/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.16/community: No such file or directory
libxml2-2.9.14-r0 description:
XML parsing library, version 2

libxml2-2.9.14-r0 webpage:
http://www.xmlsoft.org/

libxml2-2.9.14-r0 installed size:
1200 KiB

vienleidl avatar Aug 29 '22 08:08 vienleidl

It seems to be fixed in 3.16-main with libxml2-2.9.14.-r1 https://security.alpinelinux.org/srcpkg/libxml2

vienleidl avatar Sep 05 '22 02:09 vienleidl

I think we should upgrade to libxml2 with version 2.10.2 for fixing other CVEs https://github.com/alpinelinux/aports/blob/master/main/libxml2/APKBUILD

vienleidl avatar Sep 06 '22 06:09 vienleidl

Hi @ncopa, could you please help to have a look? Thank you!

vienleidl avatar Sep 09 '22 01:09 vienleidl

Any update on this ?

ratishr avatar Nov 07 '22 10:11 ratishr

any news?

LucasLopesr avatar Nov 10 '22 18:11 LucasLopesr