summaryrefslogtreecommitdiffstats
path: root/base_sdc-cassandra/Dockerfile
diff options
context:
space:
mode:
Diffstat (limited to 'base_sdc-cassandra/Dockerfile')
-rw-r--r--base_sdc-cassandra/Dockerfile97
1 files changed, 4 insertions, 93 deletions
diff --git a/base_sdc-cassandra/Dockerfile b/base_sdc-cassandra/Dockerfile
index 5804b0a..776aa70 100644
--- a/base_sdc-cassandra/Dockerfile
+++ b/base_sdc-cassandra/Dockerfile
@@ -1,100 +1,11 @@
FROM cassandra:3.11.4
-# Upgrade specific system libraries to fix CVE vulnerabilities
-# avahi 0.7-3.1
-# For CVE-2017-6519
-# curl 7.58.0-2
-# For CVE-2016-7167 CVE-2016-7141
-# krb5 1.16-2
-# For 2018-5709 CVE-2017-15088 CVE-2017-11462
-# libtiff5 4.0.9-5
-# For CVE-2018-5360
-# libx11 2:1.6.5-1
-# For CVE-2016-7943 CVE-2016-7942
-# libxml2 2.9.4+dfsg1-6.1
-# For CVE-2016-4448
-# libxtst6 2:1.2.3-1
-# For CVE-2016-7951
-# perl 5.26.2-2
-# For CVE-2017-12837 CVE-2017-12883
-# python 2.7.15~rc1-1
-# For CVE-2017-1000158
-# libsqlite3-0 3.23.1-1
-# For CVE-2017-10989
-# libdb5.3
-# CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682
-# libcairo2 libcairo-gobject2
-# CVE-2017-9814
-# libc-bin libc6 multiarch-support
-# CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982
-# libgtk2.0-0 libgtk2.0-common
-# CVE-2014-1949
-# libharfbuzz0b
-# CVE-2015-8947 CVE-2016-2052
-# libgcrypt20
-# CVE-2017-0379
-# libtasn1-6
-# CVE-2018-6003 CVE-2017-10790
-# libxi6
-# CVE-2016-7946 CVE-2016-7945
-# libldap-2.4-2
-# CVE-2017-17740
-# libpcre3
-# CVE-2015-3217
-# passwd
-# CVE-2017-12424
-# zlib1g
-# CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
-RUN sed -i '/deb http:\/\/deb.debian.org\/debian jessie-updates main/d' /etc/apt/sources.list && \
- echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && \
- echo "deb http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
- echo "deb http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list && \
- echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list && \
- echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
- echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \
- echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \
- apt-get -o Acquire::Check-Valid-Until=false update && \
- apt-get -y install -t jessie-backports ca-certificates-java && \
- apt-get -y install -t jessie-backports openjdk-8-jre-headless && \
+RUN apt-get -o Acquire::Check-Valid-Until=false update && \
apt-get -y --no-install-recommends install \
- vim \
- vim-runtime \
- apt-utils \
- libavahi-client3 \
- libavahi-common3 \
- curl \
- libcurl4 \
- krb5-locales \
- libgssapi-krb5-2 \
- libkrb5-3 \
- libkrb5support0 \
- libtiff5 \
- libx11-6 \
- libx11-data \
- libx11-xcb1 \
- libxml2 \
- libxtst6 \
- perl \
- python \
- libsqlite3-0 \
- libdb5.3 \
- libcairo2 \
- libcairo-gobject2 \
- libc-bin \
- libc6 \
- multiarch-support \
- libgtk2.0-0 \
- libgtk2.0-common \
- libharfbuzz0b \
- libgcrypt20 \
- libtasn1-6 \
- libxi6 \
- libldap-2.4-2 \
- libpcre3 \
- passwd \
- zlib1g \
- ntp && \
+ perl \
+ python \
+ ntp && \
apt-get -y autoremove && \
update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java && \
curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 13.8.5