light/Dockerfile: patch

CVE-2025-49844

Author: AlyaGomaa

docker/light/Dockerfile

@@ -10,67 +10,57 @@ ENV SLIPS_DIR=/StratosphereLinuxIPS
 SHELL ["/bin/bash", "-c"]
 
 # Install wget and add Zeek and redis repositories to our sources.
-RUN apt update && apt install -y --no-install-recommends \
-    wget \
-    ca-certificates \
-    git \
-    curl \
-    gnupg \
-    lsb-release \
-    software-properties-common \
-    build-essential \
-    file \
-    lsof \
-    iproute2 \
-    tshark \
-    whois \
-    yara \
-    net-tools \
-    less \
-    unzip \
-    python3-certifi \
-    python3-dev \
-    python3-tzlocal \
-    python3-pip \
-    && echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' |  tee /etc/apt/sources.list.d/security:zeek.list \
-    && curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key | gpg --dearmor |  tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null \
-    && curl -fsSL https://packages.redis.io/gpg |  gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \
-    && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" > /etc/apt/sources.list.d/redis.list \
-    && apt update \
-    && apt install -y --no-install-recommends --fix-missing \
-    zeek \
-    redis \
+# set -eux for safer builds (stop on error, show commands)
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends \
+        ca-certificates gnupg wget curl \
+    && apt-get update && apt-get install -y --no-install-recommends \
+        git lsb-release software-properties-common \
+        build-essential file lsof iproute2 tshark whois yara net-tools less unzip \
+        python3-certifi python3-dev python3-tzlocal python3-pip \
+    && curl -O https://download.redis.io/redis-stable.tar.gz \
+    && tar xzf redis-stable.tar.gz \
+    && cd redis-stable \
+    && make distclean && make MALLOC=libc \
+    && cd .. && rm -rf redis-stable.tar.gz \
+    && echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' \
+        | tee /etc/apt/sources.list.d/security:zeek.list \
+    && curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key \
+        | gpg --dearmor | tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null \
+    && apt-get update && apt-get install -y --no-install-recommends --fix-missing zeek \
     && ln -s /opt/zeek/bin/zeek /usr/local/bin/bro \
-    && apt clean \
+    && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+ENV PATH="$PATH:/redis-stable/src"
+
 COPY . ${SLIPS_DIR}
 
 WORKDIR ${SLIPS_DIR}
 
 RUN cd modules \
-&& rm -rf \
-	rnn_cc_detection/ \
-	timeline/ \
-	kalipso/ \
-	p2ptrust/ \
-	flowmldetection/ \
-	cyst/ \
-	cesnet/ \
-	exporting_alerts/ \
-	riskiq/ \
-	template/ \
-	blocking/ \
-	virustotal/ \
-&& cd .. \
-&& rm -rf dataset/ docs/  tests/ \
-&& rm kalipso.sh \
-  package.json \
-  pytest.ini \
-  webinterface.sh \
-  CITATION.cff \
-  CHANGELOG.md \
-  conftest.py
+    && rm -rf \
+        rnn_cc_detection/ \
+        timeline/ \
+        kalipso/ \
+        p2ptrust/ \
+        flowmldetection/ \
+        cyst/ \
+        cesnet/ \
+        exporting_alerts/ \
+        riskiq/ \
+        template/ \
+        blocking/ \
+        virustotal/ \
+    && cd .. \
+    && rm -rf dataset/ docs/  tests/ \
+    && rm kalipso.sh \
+      package.json \
+      pytest.ini \
+      webinterface.sh \
+      CITATION.cff \
+      CHANGELOG.md \
+      conftest.py
 
 RUN pip3 install --no-cache-dir --upgrade pip  \
     && grep -v -f docker/light/excluded_libs.txt install/requirements.txt | xargs -n 1 pip install \