Skip to content

Commit fe5915e

Browse files
alexander-smolyakovalexander-smolyakov
authored
[base-alpine] Update sudo package due to CVE-2023-27320 (devcontainers#505)
* [base-alpine] Update sudo package due to CVE-2023-27320 - Updated Dockerfile to install latest sudo package version - Added test to verify sudo minimum version * Dockerfile: Add if condition for variant arg * Test: Replace `sudo --version` with `apk info sudo` * Dockerfile: Restore value for `VARIANT` arg
1 parent a095c47 commit fe5915e

File tree

2 files changed

+11
-3
lines changed

2 files changed

+11
-3
lines changed

src/base-alpine/.devcontainer/Dockerfile

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,11 @@
22
ARG VARIANT=3.17
33
FROM alpine:${VARIANT}
44

5-
# ** [Optional] Uncomment this section to install additional packages. **
6-
# RUN apk update \
7-
# && apk add --no-cache <your-package-list-here>
5+
ARG VARIANT
6+
7+
# Temporary: Upgrade packages due to mentioned CVEs
8+
RUN if [[ "$VARIANT" == "3.14" || "$VARIANT" == "3.15" ]]; then \
9+
apk update \
10+
# https://security.alpinelinux.org/vuln/CVE-2023-27320
11+
&& apk add sudo>=1.9.12-r1 --repository https://dl-cdn.alpinelinux.org/alpine/latest-stable/community ; \
12+
fi

src/base-alpine/test-project/test.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,5 +18,8 @@ check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcont
1818

1919
check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
2020

21+
sudo_version=$(apk info sudo | head -1 | grep -Po "sudo-\K(.*)(?=\s)")
22+
check-version-ge "sudo-requirement" "${sudo_version}" "1.9.12_p2-r1"
23+
2124
# Report result
2225
reportResults

0 commit comments

Comments
 (0)