Skip to content

Commit 9aeed81

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #316 from andyzhangx/CVE-2022-1271
fix: CVE-2022-1271 in image build
2 parents 700097c + f37e7d2 commit 9aeed81

File tree

1 file changed

+2
-5
lines changed

1 file changed

+2
-5
lines changed

Dockerfile

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,15 +12,12 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0
15+
FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.2.0
1616

1717
ARG ARCH
1818
ARG binary=./bin/${ARCH}/nfsplugin
1919
COPY ${binary} /nfsplugin
2020

21-
RUN apt update && apt-mark unhold libcap2
22-
RUN clean-install ca-certificates mount nfs-common netbase
23-
# install updated packages to fix CVE issues
24-
RUN clean-install libgmp10 bsdutils libssl1.1 openssl libc6 libc-bin libsystemd0 libudev1 zlib1g
21+
RUN apt update && apt upgrade -y && apt-mark unhold libcap2 && clean-install ca-certificates mount nfs-common netbase
2522

2623
ENTRYPOINT ["/nfsplugin"]

0 commit comments

Comments
 (0)