From 18d86a017bee15ebee0cb783f4c854235ec7625b Mon Sep 17 00:00:00 2001
From: strtgbb <146047128+strtgbb@users.noreply.github.com>
Date: Mon, 12 Jan 2026 13:00:08 -0500
Subject: [PATCH] ensure gpgv is latest version in ubuntu docker image

---
 docker/server/Dockerfile.ubuntu | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/server/Dockerfile.ubuntu b/docker/server/Dockerfile.ubuntu
index dc9c786c115e..278f3b2cd489 100644
--- a/docker/server/Dockerfile.ubuntu
+++ b/docker/server/Dockerfile.ubuntu
@@ -15,6 +15,7 @@ ARG apt_archive="http://archive.ubuntu.com"
 # We do that in advance at the begining of Dockerfile before any packages will be
 # installed to prevent picking those uid / gid by some unrelated software.
 # The same uid / gid (101) is used both for alpine and ubuntu.
+# Update gpgv to resolve CVE-2025-68973
 RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list \
     && groupadd -r clickhouse --gid=101 \
     && useradd -r -g clickhouse --uid=101 --home-dir=/var/lib/clickhouse --shell=/bin/bash clickhouse \
@@ -25,6 +26,7 @@ RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list
         locales \
         tzdata \
         wget \
+        gpgv \
     && busybox --install -s \
     && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/*