Dear Alpine Linux Team,
I trust this message finds you well. My name is Dor, and I am reaching out with a general inquiry about the security status of the zlib library in Alpine Linux version 3.8.
Recently, I have been working with a Docker image based on Alpine:3.8.5, and I observed that the zlib library version is reported as 1.2.11-r1. However, upon reviewing the Alpine Linux Security Advisories, I did not find any mention of CVE-2022-37434 for Alpine:3.8. It appears that the CVE has been addressed in Alpine Linux 3.11 and later versions.
To ensure a comprehensive understanding of the security posture of the zlib library in Alpine:3.8, I would appreciate it if you could shed some light on the following:
1. Is the zlib library in Alpine:3.8 considered not vulnerable to CVE-2022-37434? If so, could you provide some insights into the reasons behind this?
2. Are there plans to address this CVE specifically for Alpine:3.8, or has it been determined that the library in this version is not affected?
I believe that clarifying these points would be valuable not only for my use case but also for others in the community who may be working with Alpine:3.8 in their environments.
If possible, could you also provide an example or guidance on how users can verify the security status of a specific library in an Alpine Linux version to promote transparency and informed decision-making?
I appreciate your time and efforts in maintaining the security integrity of Alpine Linux. Thank you for your attention to this matter.
Best regards,
Dor H.

Hi, you might want to use some non-ancient version if you are concerned
about security.
https://alpinelinux.org/releases/
J.
On Tue, 2023-10-17 at 10:37 +0300, Dor Hayun wrote:
>
>
> Dear Alpine Linux Team,
>
> I trust this message finds you well. My name is Dor, and I am
> reaching out with a general inquiry about the security status of the
> zlib library in Alpine Linux version 3.8.
>
> Recently, I have been working with a Docker image based on
> Alpine:3.8.5, and I observed that the zlib library version is
> reported as 1.2.11-r1. However, upon reviewing the Alpine Linux
> Security Advisories, I did not find any mention of CVE-2022-37434 for
> Alpine:3.8. It appears that the CVE has been addressed in Alpine
> Linux 3.11 and later versions.
>
> To ensure a comprehensive understanding of the security posture of
> the zlib library in Alpine:3.8, I would appreciate it if you could
> shed some light on the following:
>
> 1. Is the zlib library in Alpine:3.8 considered not vulnerable to
> CVE-2022-37434? If so, could you provide some insights into the
> reasons behind this?
>
> 2. Are there plans to address this CVE specifically for Alpine:3.8,
> or has it been determined that the library in this version is not
> affected?
>
> I believe that clarifying these points would be valuable not only for
> my use case but also for others in the community who may be working
> with Alpine:3.8 in their environments.
>
> If possible, could you also provide an example or guidance on how
> users can verify the security status of a specific library in an
> Alpine Linux version to promote transparency and informed decision-
> making?
>
> I appreciate your time and efforts in maintaining the security
> integrity of Alpine Linux. Thank you for your attention to this
> matter.
>
> Best regards,
>
> Dor H.