fix: update Dockerfiles to address CVEs by adding musl and curl packages

bunkerity · Feb 17, 2025 · 1ebaed3 · 1ebaed3
1 parent c295f06
commit 1ebaed3
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 0 deletions.
diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile
@@ -44,6 +44,7 @@ RUN apk add --no-cache bash tzdata && \
 
 # Fix CVEs
 RUN apk add --no-cache "libssl3>=3.3.3-r0" "libcrypto3>=3.3.3-r0" # CVE-2024-12797
+RUN apk add --no-cache "musl>=1.2.5-r9" "musl-utils>=1.2.5-r9" # CVE-2025-26519
 
 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb

diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile
@@ -52,6 +52,8 @@ RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl t
 
 # Fix CVEs
 RUN apk add --no-cache "openssl>=3.3.3-r0" "libssl3>=3.3.3-r0" "libcrypto3>=3.3.3-r0" # CVE-2024-12797
+RUN apk add --no-cache "curl>=8.12.0-r0" "libcurl>=8.12.0-r0" # CVE-2025-0725 CVE-2025-0167 CVE-2025-0665
+RUN apk add --no-cache "musl>=1.2.5-r1" "musl-utils>=1.2.5-r1" # CVE-2025-26519
 
 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb

diff --git a/src/scheduler/Dockerfile b/src/scheduler/Dockerfile
@@ -47,6 +47,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
 
 # Fix CVEs
 RUN apk add --no-cache "openssl>=3.3.3-r0" "libssl3>=3.3.3-r0" "libcrypto3>=3.3.3-r0" # CVE-2024-12797
+RUN apk add --no-cache "musl>=1.2.5-r9" "musl-utils>=1.2.5-r9" # CVE-2025-26519
 
 
 # Copy dependencies

diff --git a/src/ui/Dockerfile b/src/ui/Dockerfile
@@ -53,6 +53,7 @@ RUN apk add --no-cache bash unzip mariadb-connector-c mariadb-client postgresql-
 
 # Fix CVEs
 RUN apk add --no-cache "libssl3>=3.3.3-r0" "libcrypto3>=3.3.3-r0" # CVE-2024-12797
+RUN apk add --no-cache "musl>=1.2.5-r9" "musl-utils>=1.2.5-r9" # CVE-2025-26519
 
 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb