From 1447537c91675b11b78f2651a061fe3c30f7370f Mon Sep 17 00:00:00 2001 From: Gary Wu Date: Wed, 11 Apr 2018 15:37:14 -0700 Subject: [PATCH] Fix library CVEs in sdc-kibana Upgrade library versions to address the following CVE vulnerabilities: bash 4.4.18-2 For CVE-2016-0634 CVE-2016-7543 curl 7.58.0-2 For CVE-2016-7167 CVE-2016-7141 krb5 1.16-2 For CVE-2018-5709 CVE-2017-15088 CVE-2017-11462 openssl 1.1.0h-2 For CVE-2016-8610 CVE-2017-3731 CVE-2016-6302 CVE-2016-2181 CVE-2016-2179 CVE-2016-2180 CVE-2016-2109 CVE-2016-2106 CVE-2016-2105 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176 perl 5.26.2-2 For CVE-2017-12837 CVE-2017-12883 systemd 238-4 For CVE-2017-1000082 CVE-2017-9445 CVE-2017-9217 wget 1.19.4-1 For CVE-2017-13090 CVE-2017-13089 CVE-2016-7098 libdb5.3 CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682 libc-bin libc6 multiarch-support CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982 libgnutls-deb0-28 CVE-2017-5335 CVE-2017-5337 CVE-2017-5334 libgcrypt20 CVE-2017-0379 libtasn1-6 CVE-2018-6003 CVE-2017-10790 libldap-2.4-2 CVE-2017-17740 libpcre3 CVE-2015-3217 passwd CVE-2017-12424 zlib1g CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840 Change-Id: Ia284cb8fb155d8ffc5805ff095ff9612c42aa6f6 Issue-ID: SDC-1205 Signed-off-by: Gary Wu --- base_sdc-kibana/Dockerfile | 60 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/base_sdc-kibana/Dockerfile b/base_sdc-kibana/Dockerfile index 76d2d11..977ef73 100644 --- a/base_sdc-kibana/Dockerfile +++ b/base_sdc-kibana/Dockerfile @@ -1,8 +1,62 @@ FROM kibana:4.3.3 -RUN apt-get -y update && apt-get -y install \ - curl=7.38.0-4+deb8u10 \ - vim=2:7.4.488-7+deb8u3 +# Upgrade specific system libraries to fix CVE vulnerabilities +# bash 4.4.18-2 +# For CVE-2016-0634 CVE-2016-7543 +# curl 7.58.0-2 +# For CVE-2016-7167 CVE-2016-7141 +# krb5 1.16-2 +# For CVE-2018-5709 CVE-2017-15088 CVE-2017-11462 +# openssl 1.1.0h-2 +# For CVE-2016-8610 CVE-2017-3731 CVE-2016-6302 CVE-2016-2181 CVE-2016-2179 CVE-2016-2180 CVE-2016-2109 CVE-2016-2106 CVE-2016-2105 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176 +# perl 5.26.2-2 +# For CVE-2017-12837 CVE-2017-12883 +# systemd 238-4 +# For CVE-2017-1000082 CVE-2017-9445 CVE-2017-9217 +# wget 1.19.4-1 +# For CVE-2017-13090 CVE-2017-13089 CVE-2016-7098 +# libdb5.3 +# CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682 +# libc-bin libc6 multiarch-support +# CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982 +# libgnutls30 +# CVE-2017-5335 CVE-2017-5337 CVE-2017-5334 +# libgcrypt20 +# CVE-2017-0379 +# libtasn1-6 +# CVE-2018-6003 CVE-2017-10790 +# libldap-2.4-2 +# CVE-2017-17740 +# libpcre3 +# CVE-2015-3217 +# passwd +# CVE-2017-12424 +# zlib1g +# CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840 + +RUN echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \ + echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \ + echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \ + apt-get -y update && \ + apt-get -y --no-install-recommends install \ + vim=2:7.4.488-7+deb8u3 vim-common=2:7.4.488-7+deb8u3 vim-runtime=2:7.4.488-7+deb8u3 \ + bash=4.4.18-2 \ + curl=7.58.0-2 libcurl3=7.58.0-2 \ + krb5-locales=1.16-2 libgssapi-krb5-2=1.16-2 libkrb5-3=1.16-2 libkrb5support0=1.16-2 \ + openssl=1.1.0h-2 \ + perl-base=5.26.2-3 \ + systemd=238-4 \ + wget=1.19.4-1 \ + libdb5.3=5.3.28-13.1+b1 \ + libc-bin=2.27-3 libc6=2.27-3 multiarch-support=2.27-3 \ + libgnutls30=3.5.18-1 \ + libgcrypt20=1.8.2-2 \ + libtasn1-6=4.13-2 \ + libldap-2.4-2=2.4.45+dfsg-1 \ + libpcre3=2:8.39-9 \ + passwd=1:4.5-1 \ + zlib1g=1:1.2.8.dfsg-5 && \ + apt-get -y autoremove # install chef-solo RUN curl -L https://omnitruck.chef.io/install.sh | bash -- 2.16.6