Security researcher Max Justicz has discovered several flaws in the distribution Alpine Linux, including an arbitrary code execution.
Alpine Linux is an independent, non-commercial, general purpose Linux distribution that is heavily used in containers, including Docker.
Alpine Linux is based on musl libc and busybox, it is a tiny distro and is optimized to manage resources, it is known also for fast boot times.
The experts discovered several vulnerabilities in the APK, the default package manager in Alpine. The most severe bug discovered by Max Justicz could be exploited by an attacker to carry out a man-in-the-middle attack to execute arbitrary code on the user’s machine.
Full Article.