Skip to content

Commit 302e2bf

Browse files
lucacomeciarams87
lucacome
and
ciarams87
authored
Update packages for CVEs - 2.4 (#3176)
Update packages for CVEs Co-authored-by: Ciara Stacke <18287516+ciarams87@users.noreply.github.com>
1 parent ba18501 commit 302e2bf

File tree

1 file changed

+4
-6
lines changed

1 file changed

+4
-6
lines changed

build/Dockerfile

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,6 @@ FROM nginx:1.23.1 AS debian
1616
RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
1717
apt-get update \
1818
&& apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
19-
# temp fix for CVE-2022-40674
20-
&& apt-get install -y libexpat1 \
2119
&& rm -rf /var/lib/apt/lists/* \
2220
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
2321
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
@@ -30,8 +28,8 @@ FROM nginx:1.23.1-alpine AS alpine
3028

3129
RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
3230
apk add --no-cache libcap libstdc++ \
33-
# temp fix for CVE-2022-3209 and CVE-2022-35252
34-
&& apk upgrade --no-cache libxml2 curl libcurl \
31+
# temp fix for CVE-2022-40303
32+
&& apk upgrade --no-cache libxml2 \
3533
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
3634
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
3735
&& ldconfig /usr/local/lib/
@@ -91,8 +89,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
9189
&& printf "%s\n" "deb https://pkgs.nginx.com/app-protect/${NGINX_PLUS_VERSION}/debian ${DEBIAN_VERSION} nginx-plus" \
9290
"deb https://pkgs.nginx.com/app-protect-security-updates/debian ${DEBIAN_VERSION} nginx-plus" > /etc/apt/sources.list.d/nginx-app-protect.list \
9391
&& apt-get update \
94-
# temp fix for CVE-2022-37434 and DLA-3112-1
95-
&& apt-get install zlib1g libbz2-1.0 \
92+
# temp fix for CVE-2021-33574
93+
&& apt-get install libc6 libc-bin \
9694
&& apt-get install --no-install-recommends --no-install-suggests -y app-protect app-protect-attack-signatures app-protect-threat-campaigns \
9795
&& apt-get purge --auto-remove -y curl; \
9896
fi \

0 commit comments

Comments
 (0)