Announcement

**ssokolow** · 18 January 2018, 01:59 PM

Originally posted by polarathene View Post

You partially get that with Docker since it uses the host kernel doesn't? So the recent vulnerabilities that got fixed in a kernel would be easy to do security update for vs multiple VMs? I definitely prefer Docker containers over managing updates/conflicts of packages on host system for various projects.

And how many security vulnerabilities are in the kernel, rather than in libraries you'd want to bundle?

**polarathene** · 18 January 2018, 06:51 PM

Originally posted by ssokolow View Post

And how many security vulnerabilities are in the kernel, rather than in libraries you'd want to bundle?

I know of the recent big kernel vulnerabilitiee, not aware of any with libs i use. with container attack surface is reduced by using Alpine Linux as a base at least.

**ssokolow** · 19 January 2018, 05:56 PM

Originally posted by polarathene View Post

I know of the recent big kernel vulnerabilitiee, not aware of any with libs i use. with container attack surface is reduced by using Alpine Linux as a base at least.

Heartbleed was an OpenSSL vulnerability in 2014 and GHOST was a glibc vulnerability in 2015. musl-libc had two CVEs filed against it in 2017, busybox had seven, and Alpine itself had another two. (See also these posts about exploiting those two Alpine CVEs.)

If you want an example of how many vulnerabilities in non-kernel components are discovered and require updates to be applied each week, check places like the Ubuntu security notices page or the LWN.net security alerts database.

**ssokolow** · 19 January 2018, 06:03 PM

Ping! The spam filter flagged my pile of links to example CVEs as potential spam.

EDIT: Fixed.

**gameplayer** · 05 February 2018, 03:31 AM

Here you can download kik on pc.

Announcement

Microsoft Still Loves Git & Continues Working On Improvements

Comment

Comment

Comment

Comment

Comment