
Commit b2c1900

authored
Update packages for CVEs (#2560)
1 parent a14d15f commit b2c1900


1 file changed

+10
-4
lines changed


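--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -9,8 +9,8 @@ FROM nginx:1.21.6 AS debian
 
 RUN apt-get update \
 && apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
-# temporary fix for CVE-2022-22822
-&& apt-get install -y libexpat1 \
+# temp fix for CVE-2022-0891, CVE-2021-33574, CVE-2021-3997 and CVE-2022-23308
+&& apt-get install -y libtiff5 libc6 libc-bin libxml2 libsystemd0 libudev1 \
 && rm -rf /var/lib/apt/lists/* \
 && echo $NGINX_VERSION > nginx_version
 
@@ -20,8 +20,8 @@ RUN apt-get update \
 FROM docker.io/library/nginx:1.21.6-alpine AS alpine
 
 RUN apk add --no-cache libcap \
-# temporary fix for CVE-2021-42374
-&& apk upgrade --no-cache busybox
+# temporary fix for CVE-2022-0778 and CVE-2018-25032
+&& apk upgrade --no-cache libretls zlib
 
 
 ############################################# Base image for Alpine with NGINX Plus #############################################
@@ -74,6 +74,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && apt-get update \
 && apt-get install --no-install-recommends --no-install-suggests -y \
 nginx-plus-module-appprotect app-protect app-protect-attack-signatures app-protect-threat-campaigns \
+# temp fix for CVE-2021-43618
+&& apt-get install -y libgmp10 \
 && apt-get purge --auto-remove -y apt-transport-https gnupg curl \
 && rm -rf /var/lib/apt/lists/* \
 && rm /etc/apt/sources.list.d/nginx-app-protect.list
@@ -95,6 +97,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && printf "%s\n" "deb https://pkgs.nginx.com/app-protect-dos/${NGINX_PLUS_VERSION^^}/debian ${DEBIAN_VERSION} nginx-plus" > /etc/apt/sources.list.d/nginx-app-protect-dos.list \
 && apt-get update \
 && apt-get -y install app-protect-dos \
+# temp fix for CVE-2021-43618
+&& apt-get install -y libgmp10 \
 && rm -rf /var/lib/apt/lists/* \
 && rm /etc/apt/sources.list.d/nginx-app-protect-dos.list
 
@@ -131,6 +135,8 @@ LABEL name="NGINX Ingress Controller" \
 io.openshift.tags="nginx,ingress-controller,ingress,controller,kubernetes,openshift"
 
 RUN dnf --nodocs install -y shadow-utils ca-certificates \
+# temp fix for CVE-2022-0778
+&& dnf --nodocs upgrade -y openssl-libs \
 && groupadd --system --gid 101 nginx \
 && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx
 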
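Review bot: The added `apt-get install -y libtiff5 libc6 libc-bin libxml2 libsystemd0 libudev1` in the debian stage drops the `--no-install-recommends --no-install-suggests` flags used on the line above it, and it would newly install any listed package the base image lacks, so a CVE workaround can widen the image instead of only patching it. `&& apt-get install -y --only-upgrade --no-install-recommends libtiff5 libc6 libc-bin libxml2 libsystemd0 libudev1 \` states the intent, and the same applies to both `apt-get install -y libgmp10` lines in the App Protect stages, whose RUN instructions begin outside their hunks. None of the added lines pins or checks the resulting package version, so the build still succeeds when the mirror serves the vulnerable version; extending each `# temp fix for CVE-…` comment with the minimum fixed package version would let an image scan result be checked against it. The alpine hunk also drops the busybox upgrade while the `FROM` tag stays `1.21.6-alpine`, which presumably relies on the tag having been rebuilt upstream; a digest on that `FROM` line would make the assumption explicit.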
