Update cve post
parent 402ab60e0e
commit a8a478970e
@ -81,7 +81,7 @@ Disable the offending encodings in the `gconv-modules` config file. This will ei
|
||||
```shell
|
||||
cd gconv-modules.d
|
||||
cat gconv-modules-extra.conf | grep -v -E 'CN-?EXT' > gconv-modules-extra-patched.conf
|
||||
rm gconv-modules-extra.conf
|
||||
mv gconv-modules-extra-patched.conf gconv-modules-extra.conf
|
||||
cd ..
|
||||
```
|
||||
|
||||
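Review bot: the `rm gconv-modules-extra.conf` line before the `mv` is redundant and leaves a moment where no `gconv-modules-extra.conf` exists, since `mv` already replaces the destination. The commands are also not chained, so if `cd gconv-modules.d` fails the remaining lines still run in the wrong directory: the redirect creates an empty patched file there, `mv` renames it to a stray `gconv-modules-extra.conf`, and `cd ..` ends up one level above where the reader started. Suggest joining the steps with `&&` and dropping both `cat` and `rm`, for example `grep -v -E 'CN-?EXT' gconv-modules-extra.conf > gconv-modules-extra-patched.conf && mv gconv-modules-extra-patched.conf gconv-modules-extra.conf`.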
@ -109,10 +109,12 @@ For those using Docker images, here's a convenient `Dockerfile` blurb:
|
||||
# Disable vulnerable iconv encodings (CVE-2024-2961)
|
||||
RUN cd /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d \
|
||||
&& cat gconv-modules-extra.conf | grep -v -E 'CN-?EXT' > gconv-modules-extra-patched.conf \
|
||||
&& rm -f gconv-modules-extra.conf ../gconv-modules.cache \
|
||||
&& mv gconv-modules-extra-patched.conf gconv-modules-extra.conf \
|
||||
&& rm -f ../gconv-modules.cache \
|
||||
&& iconvconfig \
|
||||
&& iconv -l | grep -E 'CN-?EXT' && exit 1 || true
|
||||
```
|
||||
|
||||
That last line contains one of my favorite Dockerfile tricks (`check-something && exit 1 || true`) -- your Docker build will fail if the vulnerable charsets are enabled.
|
||||
|
||||
> A previous version of this post kept `gconv-modules-extra-patched.conf`. Thanks to Anonymous for pointing out that a subsequent RPM update could re-introduce the file.
|
||||
|
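Review bot: the trailing `|| true` on the `iconv -l | grep -E 'CN-?EXT' && exit 1 || true` line applies to the whole `&&` chain, not only to the grep check, because `&&` and `||` have equal precedence and associate left to right. If any earlier step fails, for example `cd /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d` on an image where that path does not exist, or `iconvconfig` returning non-zero, the chain short-circuits to `|| true` and the build succeeds with the mitigation not applied and the check never run. Suggest moving the check into its own `RUN` and negating it instead of using `|| true`, for example `RUN ! iconv -l | grep -q -E 'CN-?EXT'`, so a failure in the patching steps fails the build. Separately, as rendered here `../gconv-modules.cache` appears in two `rm -f` lines; if both are in the new version, one of them can go.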