fix CVE-2020-1971

2020-12-16 15:40:38 +01:00 · 2020-12-16 15:40:38 +01:00 · 9a4f96ad18
commit 9a4f96ad18
parent f258426f55
15 changed files with 45 additions and 15 deletions
--- a/6
+++ b/6
@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec

 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh

-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"

 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

--- a/6
+++ b/6
@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec

 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh

-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"

 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

--- a/6
+++ b/6
@ -27,10 +27,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec

 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh

-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"

 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

--- a/6
+++ b/6
@ -27,10 +27,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec

 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh

-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"

 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

--- a/6
+++ b/6
@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec

 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh

-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"

 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

--- a/autoconf/Dockerfile
+++ b/autoconf/Dockerfile
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
--- a/autoconf/Dockerfile-amd64
+++ b/autoconf/Dockerfile-amd64
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
--- a/autoconf/Dockerfile-arm32v7
+++ b/autoconf/Dockerfile-arm32v7
@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
--- a/autoconf/Dockerfile-arm64v8
+++ b/autoconf/Dockerfile-arm64v8
@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
--- a/autoconf/Dockerfile-i386
+++ b/autoconf/Dockerfile-i386
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 EXPOSE 5000
--- a/ui/Dockerfile-amd64
+++ b/ui/Dockerfile-amd64
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 EXPOSE 5000
--- a/ui/Dockerfile-arm32v7
+++ b/ui/Dockerfile-arm32v7
@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 EXPOSE 5000
--- a/ui/Dockerfile-arm64v8
+++ b/ui/Dockerfile-arm64v8
@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 EXPOSE 5000
--- a/ui/Dockerfile-i386
+++ b/ui/Dockerfile-i386
@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh

+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx

 EXPOSE 5000