This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch cves/bump-busybox-cve-2025-60876
in repository https://gitbox.apache.org/repos/asf/skywalking-satellite.git

commit 8b6de462c11306f86a74998441f504a94cf1e9b6
Author: kezhenxu94 <[email protected]>
AuthorDate: Mon May 18 14:21:11 2026 +0800

    cves: bump busybox to 1.37.0-r31 to fix CVE-2025-60876
    
    Add Alpine edge/main repository to install busybox>=1.37.0-r31 which
    contains the fix for CVE-2025-60876 (MEDIUM). The fix is not yet
    backported to alpine:3.23 stable, so we pin busybox from the edge
    repository.
    
    Note: golang.org/x/net was already bumped to v0.53.0 in PR #253,
    fixing CVE-2026-33814.
---
 docker/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index c96c0be..d944687 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -30,9 +30,11 @@ RUN mv 
/src/bin/skywalking-satellite-${VERSION}-linux-${TARGETARCH} /src/bin/sky
 
 FROM alpine:3.23
 
-RUN apk update --no-cache && \
+RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/main' >> 
/etc/apk/repositories && \
+    apk update --no-cache && \
     apk upgrade --no-cache && \
-    apk add --no-cache ca-certificates "libssl3>=3.3.7-r0" 
"libcrypto3>=3.3.7-r0" "musl>=1.2.5-r11"
+    apk add --no-cache ca-certificates "libssl3>=3.3.7-r0" 
"libcrypto3>=3.3.7-r0" "musl>=1.2.5-r11" \
+        "busybox@edge>=1.37.0-r31" "busybox-binsh@edge>=1.37.0-r31" 
"ssl_client@edge>=1.37.0-r31"
 
 VOLUME /skywalking/configs
 

Reply via email to