
Alpine Linux has released new stable versions (3.19.9, 3.20.8, 3.21.5, and 3.22.2), which include security fixes for OpenSSL (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232). The issue described affects applications that decrypt CMS messages encrypted using password-based encryption, potentially leading to denial of service or execution of attacker-supplied code.



Alpine 3.19.9, 3.20.8, 3.21.5, and 3.22.2 released

Recent updates have been released for Alpine Linux, including new stable versions: 3.19.9, 3.20.8, 3.21.5, and 3.22.2. The recent releases demonstrate the project's dedication to delivering a secure, user-friendly, and resource-efficient Linux distribution.

Alpine Linux caters to advanced users who prioritize security, simplicity, and efficiency. This lightweight operating system is built around musl libc and BusyBox and needs very little storage: just 8 MB for a container or 130 MB for a basic installation on disk. This makes it an excellent option for projects requiring a compact yet robust Linux environment.

Alpine Linux is characterized by its simplicity. This distribution features its own package manager, apk, and utilizes the OpenRC init system, offering users a streamlined environment that allows for focused project work without distractions. The binary packages are divided into manageable components, enabling users to customize their installation based on their specific requirements.

Moreover, security has been a primary consideration in the design process of Alpine Linux. All userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection, which aids in preventing the exploitation of zero-day and other vulnerabilities. This approach guarantees that users can operate with assurance, aware that their environment is safeguarded against potential threats.

The most recent stable releases incorporate security fixes for OpenSSL in response to the advisory dated September 30, 2025 (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232). The vulnerability described here impacts applications that attempt to decrypt CMS messages encrypted with password-based encryption. An out-of-bounds read may crash the application and cause a denial of service, whereas an out-of-bounds write can corrupt memory, which could result in denial of service or the execution of attacker-supplied code.

While the repercussions of exploiting this vulnerability are significant, the likelihood of success remains low given the infrequent use of password-based encryption in CMS messages. The issue has been evaluated and classified as moderate severity in accordance with Alpine Linux's security policy.
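To audit hosts or container images against these releases, the following added example (not part of the original announcement or of Alpine's tooling) classifies the contents of `/etc/alpine-release` against the fixed point release of each branch named above. The function names are hypothetical, and branches the announcement does not mention are reported as `unknown` rather than guessed.

```shell
#!/bin/sh
# Added example: compare an Alpine release string with the fixed point
# releases listed in this announcement (3.19.9, 3.20.8, 3.21.5, 3.22.2).

# Patch level that carries the OpenSSL fixes, per stable branch.
fixed_for_branch() {
    case "$1" in
        3.19) echo 9 ;;
        3.20) echo 8 ;;
        3.21) echo 5 ;;
        3.22) echo 2 ;;
        *)    return 1 ;;   # branch not covered by the announcement
    esac
}

# Prints "patched", "outdated" or "unknown" for a version such as 3.21.4.
alpine_release_status() {
    ver=$1
    # Only plain MAJOR.MINOR.PATCH is classified; edge builds, release
    # candidates and empty input are reported as unknown.
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    if [ $# -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo unknown; return 0
    fi
    fixed=$(fixed_for_branch "$1.$2") || { echo unknown; return 0; }
    if [ "$3" -ge "$fixed" ]; then echo patched; else echo outdated; fi
}

# On an Alpine system, report the status of the running release.
if [ -r /etc/alpine-release ]; then
    rel=$(cat /etc/alpine-release)
    echo "$rel: $(alpine_release_status "$rel")"
fi
```

The release file is only a proxy for the installed OpenSSL package: a system reported as `outdated` needs `apk upgrade`, and long-running processes keep the old library mapped until they are restarted.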

