So Alpine Linux has a pretty serious set of vulnerabilities because

- It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...

- Doesn’t check hashes before extracting to root (!)

- And uses custom gzip code which is vulnerable to arbitrary code execution (!!)

justi.cz/security/2018/09/13/a

@cypnk so... you would say perfect for an enterprise application?

@msmouse Oh snap! (Wait, do people still say “oh snap”? I’m so old 😭)
