From f2da63dbece0e4b1d7058a9ccc9cbf7934ce2c8c Mon Sep 17 00:00:00 2001 From: Gary Wu Date: Mon, 7 May 2018 17:21:22 -0700 Subject: Fix additional library CVEs in sdc-docker-base Fix CVEs around the following packages: binutils jq libtasn1 libpng curl libcurl Change-Id: Ib9b8419e3f35072a43bdc88a92255ee6f8968943 Issue-ID: SDC-1310 Signed-off-by: Gary Wu --- base_sdc-cqlsh/Dockerfile | 5 ++++- base_sdc-elasticsearch/Dockerfile | 5 ++++- base_sdc-jetty/Dockerfile | 5 ++++- base_sdc-python/Dockerfile | 5 ++++- base_sdc-sanity/Dockerfile | 5 ++++- 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/base_sdc-cqlsh/Dockerfile b/base_sdc-cqlsh/Dockerfile index 59e84eb..3876ba9 100644 --- a/base_sdc-cqlsh/Dockerfile +++ b/base_sdc-cqlsh/Dockerfile @@ -4,4 +4,7 @@ RUN apk add --no-cache py-pip && \ pip install cqlsh==4.0.1 && \ set -ex && \ apk add --no-cache bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \ - gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document + gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \ + echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + apk update && \ + apk add binutils=2.30-r1 libtasn1=4.13-r0 diff --git a/base_sdc-elasticsearch/Dockerfile b/base_sdc-elasticsearch/Dockerfile index 8cbfeb2..045cc4c 100644 --- a/base_sdc-elasticsearch/Dockerfile +++ b/base_sdc-elasticsearch/Dockerfile @@ -5,4 +5,7 @@ RUN mkdir -p /var/chef/nodes # Install Chef RUN set -ex && \ apk add --no-cache curl vim bash=4.4.12-r2 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \ - gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document + gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \ + echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + apk update && \ + apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0 diff --git a/base_sdc-jetty/Dockerfile b/base_sdc-jetty/Dockerfile index 84d9ee1..d7be282 100644 --- a/base_sdc-jetty/Dockerfile +++ b/base_sdc-jetty/Dockerfile @@ -21,7 +21,10 @@ RUN set -ex && \ chef:13.8.5 \ berkshelf:6.3.1 \ io-console:0.4.6 \ - --no-document + --no-document && \ + echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + apk update && \ + apk add binutils=2.30-r1 jq=1.6_rc1-r1 libtasn1=4.13-r0 # Replace Jetty user ID COPY set_jetty_user.sh /tmp/set_jetty_user.sh diff --git a/base_sdc-python/Dockerfile b/base_sdc-python/Dockerfile index f572933..7f6a8c4 100644 --- a/base_sdc-python/Dockerfile +++ b/base_sdc-python/Dockerfile @@ -11,4 +11,7 @@ ENV PYCURL_SSL_LIBRARY=openssl RUN pip install 'influxdb==5.0.0' 'pycurl== 7.43.0.1' 'requests==2.18.4' && \ set -ex && \ apk add --no-cache bash=4.3.42-r5 ruby=2.3.7-r0 ruby-dev=2.3.7-r0 libffi-dev=3.2.1-r2 libxml2-dev=2.9.5-r0 && \ - gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document + gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \ + echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + apk update && \ + apk add binutils=2.30-r1 jq=1.6_rc1-r1 libpng=1.6.34-r1 diff --git a/base_sdc-sanity/Dockerfile b/base_sdc-sanity/Dockerfile index ce53b20..6eac58d 100644 --- a/base_sdc-sanity/Dockerfile +++ b/base_sdc-sanity/Dockerfile @@ -3,4 +3,7 @@ FROM openjdk:8-jdk-alpine # Install Chef RUN set -ex && \ apk add --no-cache curl vim bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \ - gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document + gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \ + echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + apk update && \ + apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0 -- cgit 1.2.3-korg