Skip to content
This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Commit

Permalink
dockerfile: fix CVE-2020-27350 (#909)
Browse files Browse the repository at this point in the history 
Signed-off-by: Ernest Wong <chuwon@microsoft.com>
  • Loading branch information
Ernest Wong authored Dec 11, 2020
1 parent 05254c4 commit 040eef9
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@ ARG IMAGE_VERSION
RUN make build

FROM us.gcr.io/k8s-artifacts-prod/build-image/debian-iptables-amd64:v12.1.2 AS nmi
RUN clean-install ca-certificates libssl1.1
# upgrading apt &libapt-pkg5.0 due to CVE-2020-27350
# upgrading libssl1.1 due to CVE-2020-1971
RUN apt-mark unhold apt && \
clean-install ca-certificates apt libapt-pkg5.0 libssl1.1
COPY --from=builder /go/src/github.com/Azure/aad-pod-identity/bin/aad-pod-identity/nmi /bin/
RUN useradd -u 10001 nonroot
USER nonroot
Expand Down

0 comments on commit 040eef9

Please sign in to comment.