Update liblz4-1 to fix CVE-2021-3520 (#1676)

nginxinc · Jun 21, 2021 · 9498dd5 · 9498dd5
1 parent 86d3f20
commit 9498dd5
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -40,6 +40,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
 	apt-get update \
 	&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
+	# temporary fix for https://security-tracker.debian.org/tracker/CVE-2021-3520
+	&& apt-get install -y liblz4-1 \
 	&& curl -sSL https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
 	&& curl -sSL -o /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
 	&& printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent  \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \