Skip to content

Commit

Permalink
apk upgrade, apt-get upgrade fixing openssl/libcrypto3 vulns
Browse files Browse the repository at this point in the history
Add apk upgrade and apt upgrade to Dockerfile.

This upgrades openssl/libcrypto3 from 3.1.3-r0 to 3.1.4-r1 fixing
Weak Encryption and Denial of Service:
* https://nvd.nist.gov/vuln/detail/CVE-2023-5363
* https://nvd.nist.gov/vuln/detail/CVE-2023-5678
  • Loading branch information
julianladisch committed Nov 22, 2023
1 parent 69e4087 commit d30d175
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions simple-perl/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,16 @@

FROM alpine

RUN apk add --no-cache perl perl-net-server perl-json perl-cgi perl-lwp-useragent-determined
# Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/
RUN apk upgrade \
&& apk add \
perl perl-net-server perl-json perl-cgi perl-lwp-useragent-determined \
&& rm -rf /var/cache/apk/*

# or:
#FROM perl:slim
#RUN apt-get update && apt-get -y install libnet-server-perl libjson-perl libcgi-pm-perl libmodule-build-perl libwww-perl
## Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/
#RUN apt-get update && apt-get -y upgrade && apt-get -y install libnet-server-perl libjson-perl libcgi-pm-perl libmodule-build-perl libwww-perl
#ENV PERL5LIB /usr/share/perl5

# Set the location of the script
Expand Down

0 comments on commit d30d175

Please sign in to comment.