From 34688df0630abc1e4bcac6d3733e081f3ad49496 Mon Sep 17 00:00:00 2001
From: Anish Ramasekar <anish.ramasekar@gmail.com>
Date: Mon, 11 Oct 2021 10:55:05 -0700
Subject: [PATCH] security: fix CVE-2021-37750 (#200)

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
---
 docker/proxy-init.Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/proxy-init.Dockerfile b/docker/proxy-init.Dockerfile
index 765f9c2..fe77eac 100644
--- a/docker/proxy-init.Dockerfile
+++ b/docker/proxy-init.Dockerfile
@@ -1,7 +1,8 @@
 FROM --platform=${TARGETPLATFORM:-linux/amd64} k8s.gcr.io/build-image/debian-iptables:bullseye-v1.0.0
 
 # upgrading libssl1.1 due to CVE-2021-3711
-RUN clean-install ca-certificates libssl1.1
+# upgrading libgssapi-krb5-2 and libk5crypto3 due to CVE-2021-37750
+RUN clean-install ca-certificates libssl1.1 libgssapi-krb5-2 libk5crypto3
 COPY ./init/init-iptables.sh /bin/
 RUN chmod +x /bin/init-iptables.sh
 # Kubernetes runAsNonRoot requires USER to be numeric