fix: fix for CVE-2021-3520, CVE-2021-33560, CVE-2021-20231, CVE-2021-…

…20305, CVE-2021-20305 (#1684)
nginxinc · Jun 22, 2021 · 7527553 · 7527553
1 parent 3bc05bf
commit 7527553
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -54,3 +54,6 @@ site/
 venv/
 
 dist/
+
+# trivy container scanning cache
+.trivycache/
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -40,8 +40,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
 	apt-get update \
 	&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
-	# temporary fix for https://security-tracker.debian.org/tracker/CVE-2021-3520
-	&& apt-get install -y liblz4-1 \
+	# temporary fix for CVE-2021-3520, CVE-2021-33560, CVE-2021-20231, CVE-2021-20305, CVE-2021-20305
+	&& apt-get install -y liblz4-1 libgcrypt20 libgnutls30 libhogweed4 libnettle6 \
 	&& curl -sSL https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
 	&& curl -sSL -o /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
 	&& printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent  \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \