3 # Upgrade specific system libraries to fix CVE vulnerabilities
7 # For CVE-2016-7167 CVE-2016-7141
9 # For 2018-5709 CVE-2017-15088 CVE-2017-11462
13 # For CVE-2016-7943 CVE-2016-7942
14 # libxml2 2.9.4+dfsg1-6.1
19 # For CVE-2017-12837 CVE-2017-12883
21 # For CVE-2017-1000158
22 # libsqlite3-0 3.23.1-1
25 # CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682
26 # libcairo2 libcairo-gobject2
28 # libc-bin libc6 multiarch-support
29 # CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982
30 # libgtk2.0-0 libgtk2.0-common
33 # CVE-2015-8947 CVE-2016-2052
37 # CVE-2018-6003 CVE-2017-10790
39 # CVE-2016-7946 CVE-2016-7945
47 # CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
49 RUN echo "deb http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
50 echo "deb http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list && \
51 echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list && \
52 echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
53 echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \
54 echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \
55 apt-get -y update && \
56 apt-get -y --no-install-recommends install \
95 apt-get -y autoremove && \
96 update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java && \
97 curl -L https://omnitruck.chef.io/install.sh | bash