UID2-6486: Fix CVE-2025-68973 GnuPG out-of-bounds write vulnerability

lizk886 · lizk886 · commit cedb1a5ba8e8 · 2026-01-12T16:31:30.000-08:00
Update system packages in Docker image to address HIGH severity CVE-2025-68973 affecting GnuPG packages (gnupg, dirmngr, gpg, gpg-agent, gpgconf, gpgsm, gpgv, keyboxd). Vulnerability: Out-of-bounds write in armor_filter function that could lead to memory corruption and potential arbitrary code execution.
diff --git a/Dockerfile b/Dockerfile
@@ -3,6 +3,9 @@
 ######################
 FROM maven:3.9.11-eclipse-temurin-21
 
+# UID2-6486: Fix CVE-2025-68973 (GnuPG out-of-bounds write)
+RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
 
 COPY ./pom.xml ./pom.xml
