Merge pull request #607 from andyzhangx/fix-CVE-2021-3996

andyzhangx · web-flow · commit 3de1242fcb62 · 2022-01-25T22:37:11.000+08:00
fix: CVE-2021-3996 in image build
diff --git a/pkg/blobplugin/Dockerfile b/pkg/blobplugin/Dockerfile
@@ -12,15 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.0.0
+FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0
 
 ARG ARCH=amd64
 COPY ./_output/${ARCH}/blobplugin /blobplugin
 
 RUN apt update && apt-mark unhold libcap2
 RUN clean-install ca-certificates uuid-dev util-linux mount udev wget e2fsprogs nfs-common netbase
 # install updated packages to fix CVE issues
-RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libgmp10
+RUN clean-install libgmp10 bsdutils
 RUN mkdir /blobfuse-proxy/
 COPY ./_output/blobfuse-proxy.deb /blobfuse-proxy/
 # for compatibility, remove this after v1.6.0 release (todo)
