From a440853ba1939fb05865da375737aff796454453 Mon Sep 17 00:00:00 2001
From: Vinayak Bhardwaj
Date: Tue, 17 Mar 2026 21:07:22 +0530
Subject: [PATCH 1/2] fix: upgrade docker base image to 29.2.1-dind to remediate CVE-2025-15558
Upgrades docker base image from 28.1.1-dind to 29.2.1-dind in Linux Dockerfiles (amd64 and arm64) to resolve CVE-2025-15558 in github.com/docker/cli@v28.0.4. The vulnerability is fixed in v29.2.0+.
Fixes: CI-21415
CVE: CVE-2025-15558
Severity: High
Package: github.com/docker/cli
Fixed-in: v29.2.0
---
 docker/docker/Dockerfile.linux.amd64 | 2 +-
 docker/docker/Dockerfile.linux.arm64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/docker/Dockerfile.linux.amd64 b/docker/docker/Dockerfile.linux.amd64
index aaf0049..94360ff 100644
--- a/docker/docker/Dockerfile.linux.amd64
+++ b/docker/docker/Dockerfile.linux.amd64
@@ -1,4 +1,4 @@
-FROM docker:28.1.1-dind
+FROM docker:29.2.1-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
diff --git a/docker/docker/Dockerfile.linux.arm64 b/docker/docker/Dockerfile.linux.arm64
index 624f01b..a04192a 100644
--- a/docker/docker/Dockerfile.linux.arm64
+++ b/docker/docker/Dockerfile.linux.arm64
@@ -1,4 +1,4 @@
-FROM arm64v8/docker:28.1.1-dind
+FROM arm64v8/docker:29.2.1-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
From 17ea7a9e0b0ad37e9a1845b5e013738212ea0314 Mon Sep 17 00:00:00 2001
From: Vinayak Bhardwaj
Date: Tue, 17 Mar 2026 21:11:36 +0530
Subject: [PATCH 2/2] fix: upgrade docker base image to 29.3.0-dind to remediate CVE-2025-15558
Updates docker base image from 29.2.1-dind to 29.3.0-dind after verifying that 29.2.1-dind still contained docker/cli@v29.1.5 (vulnerable). Only docker:29.3.0-dind ships with docker/cli >= v29.2.0 which contains the fix.
Fixes: CI-21415
CVE: CVE-2025-15558
Package: github.com/docker/cli
Verified-clean-with: Trivy scan of docker:29.3.0-dind
---
 docker/docker/Dockerfile.linux.amd64 | 2 +-
 docker/docker/Dockerfile.linux.arm64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/docker/Dockerfile.linux.amd64 b/docker/docker/Dockerfile.linux.amd64
index 94360ff..f53ae13 100644
--- a/docker/docker/Dockerfile.linux.amd64
+++ b/docker/docker/Dockerfile.linux.amd64
@@ -1,4 +1,4 @@
-FROM docker:29.2.1-dind
+FROM docker:29.3.0-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
diff --git a/docker/docker/Dockerfile.linux.arm64 b/docker/docker/Dockerfile.linux.arm64
index a04192a..8cd2c05 100644
--- a/docker/docker/Dockerfile.linux.arm64
+++ b/docker/docker/Dockerfile.linux.arm64
@@ -1,4 +1,4 @@
-FROM arm64v8/docker:29.2.1-dind
+FROM arm64v8/docker:29.3.0-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
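Review bot: The new `FROM docker:29.3.0-dind` line in Dockerfile.linux.amd64 still refers to a mutable tag, so the image that was scanned is not guaranteed to be the image later builds pull. The commit message itself shows that the tag name does not reveal which docker/cli is inside (29.2.1-dind reportedly shipped v29.1.5), so pin the scanned image by digest, e.g. `FROM docker:29.3.0-dind@sha256:<digest-of-scanned-image>` (placeholder), and do the same in the arm64 hunk. A comment above the line such as `# docker/cli >= v29.2.0 required for CVE-2025-15558; 29.2.1-dind still shipped v29.1.5` would keep the reason next to the pin. The rest of the Dockerfile lies outside the hunk.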
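Review bot: The `Verified-clean-with` trailer names only `docker:29.3.0-dind`, while the Dockerfile.linux.arm64 hunk builds from `arm64v8/docker:29.3.0-dind`, a different image reference that the message does not say was scanned. Patch 1/2 had to be redone because the contents of a tag were assumed rather than checked, so scan the arm64 image as well and record that in the commit message. Running the same scan in CI against both built images would catch a later base-image change that brings back a vulnerable docker/cli. The rest of the Dockerfile lies outside the hunk.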