Add fixes for CVE-2024-5535 and CVE-2024-24790 (#18)

CVE-2024-5535 - alpine openssl cirical vulnerability fixes by requring openssl version > 3.1.6-r0 CVE-2024-24790 - various 'Is' methods not working as expected, fixed by bumping builder image to golang:1.22.5 to include backported fix.
cisco-open · Jul 27, 2024 · 91bf480 · 91bf480
1 parent 9a8982a
commit 91bf480
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/agent/Dockerfile b/agent/Dockerfile
@@ -1,7 +1,7 @@
 ############################
 # STEP 1 build the image for creating the executable
 ############################
-FROM docker.io/library/golang:1.22-alpine3.19 as builder
+FROM docker.io/library/golang:1.22.5-alpine3.19 as builder
 
 # Install git + SSL ca certificates + make
 RUN apk update && apk upgrade && apk add --no-cache git ca-certificates make unzip g++ && update-ca-certificates && apk --no-cache add openssl wget && rm -rf /var/cache/apk/*
@@ -53,6 +53,9 @@ COPY --from=builder /app/synthetic-heart/agent /app/synthetic-heart/agent
 # Create a /tmp/ diretctory (required for go plugin for Unix Domain Socket)
 COPY --from=builder /app/synthetic-heart/.emptyfile /tmp/.emptyfile
 
+# Fix for CVE-2024-5535
+RUN apk add "openssl>3.1.6-r0"
+
 WORKDIR /app/synthetic-heart
 
 # Run the binary.