CVE-2019-3462 (vulnerable apt)

[gjcarneiro]

$ docker pull python:3.6
3.6: Pulling from library/python
Digest: sha256:a01b318f4768a20a679da7d901de1676de0079bf85a01179611dd3fec67d5d66
Status: Image is up to date for python:3.6
$ docker run -ti python:3.6 sh -c "apt --version"
apt 1.4.8 (amd64)

https://security-tracker.debian.org/tracker/CVE-2019-3462

[tao12345666333]

just wait all the images rebuild and push to docker hub.

[ulgens]

I know there is no better solution atm but "just wait" is not an answer for security issues. You're saying "just risk your system for days and wait, it's not important whether your environment is secure or not".

[tianon]

Looks like we're running into some odd build failures on these that we haven't seen on other builds; we're investigating and will get these updated asap.

[tianon]

Rebuild seems to have been successful, so it's pushing now and should be available soon.

[tianon]

$ docker pull python:3
3: Pulling from library/python
Digest: sha256:710d9343bad59dc3bd38e9fb1e92f860c6c9899b2fd092aac3a5b0542d316fbb
Status: Image is up to date for python:3
$ docker run --rm python:3 apt --version
apt 1.4.9 (amd64)

👍

[tao12345666333]

@ulgens If you want to fix it right away, you can execute apt update && apt upgrade apt directly. But if you rely entirely on the official image, then all you can do is wait for it to rebuild.

Also, when I did this reply, I saw that docker-library/official-images#5329 was merged, so waiting for rebuild is also the most reasonable explanation.