The minimal distribution that quietly underpins much of the container world just shipped a round of security maintenance. Alpine Linux pushed 3.22.5 and 3.23.5 as stable point releases, rolling up fixes that matter most to anyone running Alpine as a Docker base image, on a self-hosted server, or on low-power single-board hardware.

The headline change is OpenSSL, with both releases pulling in the upstream patches from the June 9, 2026 advisory. That advisory covers a batch of tracked flaws ranging from CVE-2026-34180 through several entries in the 42xxx and 45xxx series, all resolved in the updated packages. Because Alpine images sit at the bottom of so many container stacks, a TLS library fix here propagates into a long tail of downstream builds, which is exactly why a rebuild is worth doing rather than deferring.

The releases also address Xen, closing XSA-491 through XSA-494. Those advisories (XSA-492, XSA-493, and XSA-494) are hypervisor-level fixes, relevant if you run Alpine as a dom0 or as a virtualization host and less so for the typical edge or container deployment.

Both point releases are drop-in for their respective branches, so existing systems update in place with apk update && apk upgrade and no reinstall. The musl and BusyBox foundation that keeps a base install near 8 MB makes Alpine a natural fit for Raspberry Pi and other ARM single-board computers, and these builds keep that footprint intact while landing the patches. Full change details live in the git log for each branch.
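To confirm that a host or a rebuilt image actually landed on one of these point releases, the following check compares a version string against 3.22.5 and 3.23.5. It is an added example, not code from the article or the Alpine project; the function names are hypothetical, and it assumes the version is read from /etc/alpine-release.

```sh
#!/bin/sh
# Added example. Only the version numbers 3.22.5 and 3.23.5 come from the article.

# fixed_patch_for BRANCH: print the minimum patched point release for a branch.
fixed_patch_for() {
    case "$1" in
        3.22|3.23) echo 5 ;;
        *) return 1 ;;                # branch not covered by these releases
    esac
}

# alpine_patch_status VERSION
#   prints "patched", "outdated" or "unknown"; returns 0, 1 or 2.
alpine_patch_status() {
    ver=${1%%_*}                      # drop suffixes such as _rc1 or _alpha...
    case "$ver" in
        ''|*[!0-9.]*) echo "unknown"; return 2 ;;
    esac
    branch=${ver%.*}                  # "3.22.5" -> "3.22"
    patch=${ver##*.}                  # "3.22.5" -> "5"
    min=$(fixed_patch_for "$branch") || { echo "unknown"; return 2; }
    [ -n "$patch" ] || { echo "unknown"; return 2; }
    if [ "$patch" -ge "$min" ]; then
        echo "patched"; return 0
    fi
    echo "outdated"; return 1
}

# check_release_file [FILE]: apply the check to a release file
# (assumed default: /etc/alpine-release).
check_release_file() {
    f=${1:-/etc/alpine-release}
    [ -r "$f" ] || { echo "unknown"; return 2; }
    v=
    read -r v < "$f" || true          # tolerate a missing trailing newline
    alpine_patch_status "$v"
}

# Run as: sh script.sh --check [FILE]
if [ "${1:-}" = "--check" ]; then
    check_release_file "${2:-/etc/alpine-release}"
fi
```

The non-zero return for "outdated" lets the check fail a CI step or image build when a base image tag still resolves to an earlier point release.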