fix: update Dockerfiles to address CVEs by adding required PostgreSQL client libraries

2026-05-24 09:28:37 +00:00 · 2024-11-18 17:54:08 +01:00 · 2024-11-18 17:54:08 +01:00 · c6fe29fe53
commit c6fe29fe53
parent 2dbd99a181
2 changed files with 2 additions and 0 deletions
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@ -46,6 +46,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
  adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler

 # Fix CVEs
+RUN apk add --no-cache "libpq>=16.5-r0" "postgresql16-client>=16.5-r0" # CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979

 # Cleanup
 RUN rm -rf /var/cache/apk/*
--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@ -47,6 +47,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po

 # Fix CVEs
 RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" # CVE-2024-9143
+RUN apk add --no-cache "libpq>=16.5-r0" "postgresql16-client>=16.5-r0" # CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb