Fix library CVEs in sdc-workflow-designer

Install specific system libraries to fix the following CVE vulnerabilities: krb5 1.16-2build1 For CVE-2017-15088 CVE-2017-11462 libvorbis 1.3.2-1.3ubuntu1.2 For CVE-2017-14632 CVE-2017-14160 libx11 1.6.4-3 For CVE-2016-7943 CVE-2016-7942 libxtst 1.2.3-1 For CVE-2016-7951 ncurses 6.1-1ubuntu1 For CVE-2017-10685 CVE-2017-10684 libsqllite3-0 3.22.0-1 For CVE-2017-10989 zlib1g 1.2.11.dfsg-0ubuntu2 For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840 Change-Id: I50920cf929bbf79dba0ea7da76d15e7b1e3945ec Issue-ID: SDC-1201 Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
author: Gary Wu <gary.i.wu@huawei.com> 2018-04-09 15:12:49 -0700
committer: Gary Wu <gary.i.wu@huawei.com> 2018-04-10 16:06:22 -0700
commit: ba694075deb7cf342cd092b695dd6cb748e9c223 (patch)
tree: a0bdc60dd3bd50c416f661492dbe50d1d22cf321
parent: 6f94812a870cbc5c4398086eebcfca001b7e1611 (diff)
1 files changed, 46 insertions, 0 deletions
diff --git a/distribution/src/main/docker/Dockerfile b/distribution/src/main/docker/Dockerfile
index d0008b70..51e6a45b 100644
--- a/distribution/src/main/docker/Dockerfile
+++ b/distribution/src/main/docker/Dockerfile
@@ -9,6 +9,52 @@ EXPOSE 8080
 RUN apt-get update
 RUN apt-get install -y openjdk-8-jdk
 
+RUN apt-get -y upgrade && apt-get -y install wget
+
+
+# Install specific system libraries to fix CVE vulnerabilities
+
+# krb5 1.16-2build1
+#   For CVE-2017-15088 CVE-2017-11462
+RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libkrb5support0_1.16-2build1_amd64.deb && wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libk5crypto3_1.16-2build1_amd64.deb && dpkg -i libk5crypto3_1.16-2build1_amd64.deb libkrb5support0_1.16-2build1_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/krb5-locales_1.16-2build1_all.deb && dpkg -i krb5-locales_1.16-2build1_all.deb
+RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libkrb5-3_1.16-2build1_amd64.deb && dpkg -i libkrb5-3_1.16-2build1_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libgssapi-krb5-2_1.16-2build1_amd64.deb && dpkg -i libgssapi-krb5-2_1.16-2build1_amd64.deb
+
+# libvorbis 1.3.2-1.3ubuntu1.2
+#   For CVE-2017-14632 CVE-2017-14160
+RUN wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14481066/+files/libvorbis0a_1.3.2-1.3ubuntu1.2_amd64.deb && dpkg -i libvorbis0a_1.3.2-1.3ubuntu1.2_amd64.deb
+RUN wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14481066/+files/libvorbisenc2_1.3.2-1.3ubuntu1.2_amd64.deb && dpkg -i libvorbisenc2_1.3.2-1.3ubuntu1.2_amd64.deb
+
+# libx11 1.6.4-3
+#    For CVE-2016-7943 CVE-2016-7942
+RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-6_1.6.4-3_amd64.deb && dpkg -i libx11-6_1.6.4-3_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-data_1.6.4-3_all.deb && dpkg -i libx11-data_1.6.4-3_all.deb
+RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-dev_1.6.4-3_amd64.deb && dpkg -i libx11-dev_1.6.4-3_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-doc_1.6.4-3_all.deb && dpkg -i libx11-doc_1.6.4-3_all.deb
+RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-xcb1_1.6.4-3_amd64.deb && dpkg -i libx11-xcb1_1.6.4-3_amd64.deb
+
+# libxtst 1.2.3-1
+#    For CVE-2016-7951
+RUN wget https://launchpad.net/ubuntu/+source/libxtst/2:1.2.3-1/+build/11525872/+files/libxtst6_1.2.3-1_amd64.deb && dpkg -i libxtst6_1.2.3-1_amd64.deb
+
+# ncurses 6.1-1ubuntu1
+#    For CVE-2017-10685 CVE-2017-10684
+RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libtinfo5_6.1-1ubuntu1_amd64.deb && dpkg -i libtinfo5_6.1-1ubuntu1_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libncurses5_6.1-1ubuntu1_amd64.deb && dpkg -i libncurses5_6.1-1ubuntu1_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libncursesw5_6.1-1ubuntu1_amd64.deb && dpkg -i libncursesw5_6.1-1ubuntu1_amd64.deb
+RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/ncurses-base_6.1-1ubuntu1_all.deb && dpkg -i ncurses-base_6.1-1ubuntu1_all.deb
+RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/ncurses-bin_6.1-1ubuntu1_amd64.deb && dpkg -i ncurses-bin_6.1-1ubuntu1_amd64.deb
+
+# libsqllite3-0 3.22.0-1
+#   For CVE-2017-10989
+RUN wget https://launchpad.net/ubuntu/+source/sqlite3/3.22.0-1/+build/14264231/+files/libsqlite3-0_3.22.0-1_amd64.deb && dpkg -i libsqlite3-0_3.22.0-1_amd64.deb
+
+# zlib1g 1.2.11.dfsg-0ubuntu2
+#   For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
+RUN wget https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-0ubuntu2/+build/13260038/+files/zlib1g_1.2.11.dfsg-0ubuntu2_amd64.deb && dpkg -i zlib1g_1.2.11.dfsg-0ubuntu2_amd64.deb
+
+
 #configure the JDK
 RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
author	Gary Wu <gary.i.wu@huawei.com>	2018-04-09 15:12:49 -0700
committer	Gary Wu <gary.i.wu@huawei.com>	2018-04-10 16:06:22 -0700
commit	ba694075deb7cf342cd092b695dd6cb748e9c223 (patch)
tree	a0bdc60dd3bd50c416f661492dbe50d1d22cf321
parent	6f94812a870cbc5c4398086eebcfca001b7e1611 (diff)