From 5ad0adf7194b67e345d189a7709b5d3d951bf76b Mon Sep 17 00:00:00 2001
From: gahusb
Date: Mon, 1 Jun 2026 17:35:39 +0900
Subject: [PATCH] =?UTF-8?q?fix(security):=20nginx=20CVE-2026-9256=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80=20=EB=8C=80=EC=9D=91=20=E2=80=94=201.30.1=20?= =?UTF-8?q?=E2=86=92=201.30.2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CVE-2026-9256(nginx-poolslip, ngx_http_rewrite_module 힙 오버플로우)는 영향 범위가 ~1.31.0으로 넓어 1.30.1은 여전히 취약, stable은 1.30.2+에서 수정. 1.30.2-alpine로 상향해 CVE-2026-42945 + CVE-2026-9256 둘 다 커버.
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 docker-compose.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index ea8ea1a..6f87fe9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -380,9 +380,11 @@ services:
 retries: 3
 frontend:
- # CVE-2026-42945 (NGINX Rift, ngx_http_rewrite_module heap overflow, CVSS 9.2)
- # 대응: 미고정 nginx:alpine → 패치 stable 버전 고정 (fix in 1.30.1 / 1.31.0)
- image: nginx:1.30.1-alpine
+ # ngx_http_rewrite_module 힙 오버플로우 2건 대응 (미고정 nginx:alpine → 패치 stable 고정)
+ # - CVE-2026-42945 (NGINX Rift, CVSS 9.2): fixed in 1.30.1+ / 1.31.0+
+ # - CVE-2026-9256 (nginx-poolslip, 영향 ~1.31.0): fixed in 1.30.2+ / 1.31.1+
+ # → 둘 다 커버하는 최소 stable = 1.30.2
+ image: nginx:1.30.2-alpine
 container_name: frontend
 restart: unless-stopped
 depends_on:
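Review bot: `image: nginx:1.30.2-alpine` fixes the version but still resolves through a mutable registry tag, so what actually runs is whatever that tag points to at pull time. Since the purpose of this change is to close two heap overflows in ngx_http_rewrite_module, pin the digest of the image you verified as well, e.g. `image: nginx:1.30.2-alpine@sha256:<digest>` (placeholder; take the value from the image you pulled and checked). The fixed-in versions in the new comment have no source next to them; a line such as `# refs: <advisory URL for each CVE>` would let the next reader re-check them before the next bump. The `frontend` service definition continues past the end of the hunk.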