Fix CVE-2024-6119 and remove old CVE that are already fixed in the base images

2026-05-24 09:28:37 +00:00 · 2024-09-05 10:06:19 +02:00 · 2024-09-05 10:06:19 +02:00 · f34dd2f4a2
commit f34dd2f4a2
parent 57e73b7413
4 changed files with 4 additions and 7 deletions
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@ -42,8 +42,7 @@ RUN apk add --no-cache bash tzdata && \
  adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf

 # Fix CVEs
-RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
-RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
+RUN apk add --no-cache "libcrypto3>=3.3.2-r0" "libssl3>=3.3.2-r0" "openssl>=3.3.2-r0" # CVE-2024-6119

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@ -51,8 +51,8 @@ RUN umask 027
 RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl tzdata

 # Fix CVEs
-RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42366
 RUN apk add --no-cache "curl>=8.9.1-r0" "libcurl>=8.9.1-r0" "pyc>=3.12.3-r2" "python3>=3.12.3-r2" "python3-pyc>=3.12.3-r2" "python3-pycache-pyc0>=3.12.3-r2" # CVE-2024-7264 CVE-2024-8088
+RUN apk add --no-cache "libcrypto3>=3.3.2-r0" "libssl3>=3.3.2-r0" "openssl>=3.3.2-r0" # CVE-2024-6119

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@ -46,8 +46,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
  adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler

 # Fix CVEs
-RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
-RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" "openssl>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
+RUN apk add --no-cache "libcrypto3>=3.3.2-r0" "libssl3>=3.3.2-r0" "openssl>=3.3.2-r0" # CVE-2024-6119

 # Cleanup
 RUN rm -rf /var/cache/apk/*
--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@ -46,8 +46,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po
  adduser -h /var/cache/nginx -g ui -s /bin/bash -G ui -D -H -u 101 ui

 # Fix CVEs
-RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
-RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
+RUN apk add --no-cache "libcrypto3>=3.3.2-r0" "libssl3>=3.3.2-r0" "openssl>=3.3.2-r0" # CVE-2024-6119

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb