[NPM] [Vulnerability] Resolve Ubuntu CVEs in v1.6.38 Image (#4220)

rayaisaiah · web-flow · commit 1fe4014377cc · 2026-02-11T04:44:58.000Z
* manually resolve ubuntu cves

* updated comment
diff --git a/npm/linux.Dockerfile b/npm/linux.Dockerfile
@@ -8,6 +8,17 @@ RUN MS_GO_NOSYSTEMCRYPTO=1 CGO_ENABLED=0 go build -v -o /usr/local/bin/azure-npm
 
 FROM mcr.microsoft.com/mirror/docker/library/ubuntu:24.04 AS linux
 COPY --from=builder /usr/local/bin/azure-npm /usr/bin/azure-npm
-RUN apt-get update && apt-get install -y iptables ipset ca-certificates && apt-get autoremove -y && apt-get clean
+# Manually patch Ubuntu CVEs:
+# gpgv:      CVE-2025-68973 (HIGH)
+# libc-bin:  CVE-2025-15281, CVE-2026-0861, CVE-2026-0915 (MEDIUM)
+# libc6:     CVE-2025-15281, CVE-2026-0861, CVE-2026-0915 (MEDIUM)
+# libtasn1-6: CVE-2025-13151 (MEDIUM)
+RUN apt-get update && apt-get install -y \
+    iptables ipset ca-certificates \
+    gpgv=2.4.4-2ubuntu17.4 \
+    libc-bin=2.39-0ubuntu8.7 \
+    libc6=2.39-0ubuntu8.7 \
+    libtasn1-6=4.19.0-3ubuntu0.24.04.2 \
+    && apt-get autoremove -y && apt-get clean
 RUN chmod +x /usr/bin/azure-npm
 ENTRYPOINT ["/usr/bin/azure-npm", "start"]
