docker-alpine icon indicating copy to clipboard operation
docker-alpine copied to clipboard

Published 20 hours ago verified publisher icon gliderlabs

Curl Vulnerabilities

Open cojalvo opened this issue 7 years ago • 1 comments

Hi, i'm using alpine:3.6 when adding curl it use an old version with vulnerability which was fixed in curl 7.56.0 Any idea why the curl fixed version doesn't taken when adding it?

the command in the docker file is RUN apk add --update curl && \ rm -rf /var/cache/apk/*

cojalvo avatar Oct 17 '17 14:10 cojalvo

Works for me:

$ dri alpine:3.6 apk -U add curl
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/community/x86_64/APKINDEX.tar.gz
(1/4) Installing ca-certificates (20161130-r2)
(2/4) Installing libssh2 (1.8.0-r1)
(3/4) Installing libcurl (7.56.0-r0)
(4/4) Installing curl (7.56.0-r0)
Executing busybox-1.26.2-r5.trigger
Executing ca-certificates-20161130-r2.trigger
OK: 6 MiB in 15 packages

Can you please give the full output of your docker build and the Dockerfile?

andyshinn avatar Oct 17 '17 17:10 andyshinn