From 6d758d2011b9a3c01a50cd1584df7677a52efea3 Mon Sep 17 00:00:00 2001
From: Dave Hay <david_hay@uk.ibm.com>
Date: Sun, 5 Sep 2021 15:48:33 +0100
Subject: [PATCH] Update/upgrade Alpine before installing openssl (#981)

Mitigating CVE-2021-3711 and CVE-2021-3712

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index abe2be0..4e9c9a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,8 @@ RUN apk --no-cache upgrade apk-tools
 
 # Openssl is used by OpenShift tests
 # https://github.com/aquasecurity/kube-bench/issues/535
-RUN apk --no-cache add openssl
+# Ensuring that we update/upgrade before installing openssl, to mitigate CVE-2021-3711 and CVE-2021-3712
+RUN apk update && apk upgrade && apk --no-cache add openssl
 
 # Add glibc for running oc command 
 RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
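Review bot: The new `RUN` on the openssl line calls `apk update` and `apk upgrade` without `--no-cache`, so the fetched package index stays in `/var/cache/apk` in this layer, unlike the `apk --no-cache upgrade apk-tools` step shown in the hunk header. `RUN apk --no-cache upgrade && apk --no-cache add openssl` does the same work without a separate `apk update` and without leaving the index behind. The mitigation also depends on what the repository serves at build time and on this layer not being reused from the build cache, so nothing in the Dockerfile asserts that the patched openssl is actually installed. Consider also bumping the base image tag, or adding a version constraint such as `apk --no-cache add 'openssl>=<FIXED_VERSION>'` so the build fails when the fixed package is not available.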
-- 
GitLab