Browse Source

upgrade alpine base image v3.12.2->v3.13.3 including upgrade of tor v0.4.4.7-r1->v0.4.4.8-r0 (see below)

> One of these vulnerabilities (TROVE-2021-001) would allow an attacker
> who can send directory data to a Tor instance to force that Tor
> instance to consume huge amounts of CPU.
https://gitweb.torproject.org/tor.git/plain/ChangeLog

https://cve.circl.lu/cve/CVE-2021-28089

https://git.alpinelinux.org/aports/commit/community/tor?id=dc7ce7e4b63c64d11026e307ada830c33d8309a4
Fabian Peter Hammerle 3 years ago
parent
commit
48c53ae15c
1 changed files with 2 additions and 2 deletions
  1. 2 2
      Dockerfile

+ 2 - 2
Dockerfile

@@ -1,7 +1,7 @@
-FROM docker.io/alpine:3.13.2
+FROM docker.io/alpine:3.13.3
 
 ARG GETTEXT_PACKAGE_VERSION=0.20.2-r2
-ARG TOR_PACKAGE_VERSION=0.4.4.7-r1
+ARG TOR_PACKAGE_VERSION=0.4.4.8-r0
 RUN apk add --no-cache \
         tor=$TOR_PACKAGE_VERSION \
         gettext=$GETTEXT_PACKAGE_VERSION \