aboutsummaryrefslogtreecommitdiffstats
path: root/distribution/src/main
diff options
context:
space:
mode:
authorGary Wu <gary.i.wu@huawei.com>2018-04-16 15:18:23 -0700
committerGary Wu <gary.i.wu@huawei.com>2018-04-17 07:28:40 -0700
commit51060f6bebf95832f9f26e6124e473809925d001 (patch)
treedd37068709c90ab5c74dea02a60985eed166dda3 /distribution/src/main
parente789e3060b7860075820af76a71e6dfc050cc286 (diff)
Fix library CVEs in sdc-workflow-designer
Fix additional CVEs: libtiff5 4.0.8-5ubuntu0.1 For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331 shadow 1:4.5-1ubuntu1 For CVE-2017-12424 perl-base 5.26.0-8ubuntu1.1 For CVE-2015-8608 CVE-2017-12883 openssl 1.1.0g-2ubuntu3 For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176 Also refactored to use ubuntu apt repos instead of manually installing from launchpad. Change-Id: If679f90e98091fed33f6a655abe28c33d15e9a43 Issue-ID: SDC-1201 Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
Diffstat (limited to 'distribution/src/main')
-rw-r--r--distribution/src/main/docker/Dockerfile58
1 files changed, 29 insertions, 29 deletions
diff --git a/distribution/src/main/docker/Dockerfile b/distribution/src/main/docker/Dockerfile
index 51e6a45b..ebae7b13 100644
--- a/distribution/src/main/docker/Dockerfile
+++ b/distribution/src/main/docker/Dockerfile
@@ -9,50 +9,50 @@ EXPOSE 8080
RUN apt-get update
RUN apt-get install -y openjdk-8-jdk
-RUN apt-get -y upgrade && apt-get -y install wget
+RUN apt-get -y upgrade
# Install specific system libraries to fix CVE vulnerabilities
+RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
+ echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
+ echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
+ apt-get -y update
# krb5 1.16-2build1
# For CVE-2017-15088 CVE-2017-11462
-RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libkrb5support0_1.16-2build1_amd64.deb && wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libk5crypto3_1.16-2build1_amd64.deb && dpkg -i libk5crypto3_1.16-2build1_amd64.deb libkrb5support0_1.16-2build1_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/krb5-locales_1.16-2build1_all.deb && dpkg -i krb5-locales_1.16-2build1_all.deb
-RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libkrb5-3_1.16-2build1_amd64.deb && dpkg -i libkrb5-3_1.16-2build1_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/krb5/1.16-2build1/+build/14312192/+files/libgssapi-krb5-2_1.16-2build1_amd64.deb && dpkg -i libgssapi-krb5-2_1.16-2build1_amd64.deb
-
-# libvorbis 1.3.2-1.3ubuntu1.2
+# libvorbis 1.3.5-4ubuntu0.2
# For CVE-2017-14632 CVE-2017-14160
-RUN wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14481066/+files/libvorbis0a_1.3.2-1.3ubuntu1.2_amd64.deb && dpkg -i libvorbis0a_1.3.2-1.3ubuntu1.2_amd64.deb
-RUN wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14481066/+files/libvorbisenc2_1.3.2-1.3ubuntu1.2_amd64.deb && dpkg -i libvorbisenc2_1.3.2-1.3ubuntu1.2_amd64.deb
-
-# libx11 1.6.4-3
+# libx11 2:1.6.4-3
# For CVE-2016-7943 CVE-2016-7942
-RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-6_1.6.4-3_amd64.deb && dpkg -i libx11-6_1.6.4-3_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-data_1.6.4-3_all.deb && dpkg -i libx11-data_1.6.4-3_all.deb
-RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-dev_1.6.4-3_amd64.deb && dpkg -i libx11-dev_1.6.4-3_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-doc_1.6.4-3_all.deb && dpkg -i libx11-doc_1.6.4-3_all.deb
-RUN wget https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3/+build/12396404/+files/libx11-xcb1_1.6.4-3_amd64.deb && dpkg -i libx11-xcb1_1.6.4-3_amd64.deb
-
# libxtst 1.2.3-1
# For CVE-2016-7951
-RUN wget https://launchpad.net/ubuntu/+source/libxtst/2:1.2.3-1/+build/11525872/+files/libxtst6_1.2.3-1_amd64.deb && dpkg -i libxtst6_1.2.3-1_amd64.deb
-
# ncurses 6.1-1ubuntu1
# For CVE-2017-10685 CVE-2017-10684
-RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libtinfo5_6.1-1ubuntu1_amd64.deb && dpkg -i libtinfo5_6.1-1ubuntu1_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libncurses5_6.1-1ubuntu1_amd64.deb && dpkg -i libncurses5_6.1-1ubuntu1_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/libncursesw5_6.1-1ubuntu1_amd64.deb && dpkg -i libncursesw5_6.1-1ubuntu1_amd64.deb
-RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/ncurses-base_6.1-1ubuntu1_all.deb && dpkg -i ncurses-base_6.1-1ubuntu1_all.deb
-RUN wget https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1/+build/14341521/+files/ncurses-bin_6.1-1ubuntu1_amd64.deb && dpkg -i ncurses-bin_6.1-1ubuntu1_amd64.deb
-
# libsqllite3-0 3.22.0-1
# For CVE-2017-10989
-RUN wget https://launchpad.net/ubuntu/+source/sqlite3/3.22.0-1/+build/14264231/+files/libsqlite3-0_3.22.0-1_amd64.deb && dpkg -i libsqlite3-0_3.22.0-1_amd64.deb
-
-# zlib1g 1.2.11.dfsg-0ubuntu2
+# libtiff5 4.0.8-5ubuntu0.1
+# For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
+# shadow 1:4.5-1ubuntu1
+# For CVE-2017-12424
+# perl-base 5.26.0-8ubuntu1.1
+# For CVE-2015-8608 CVE-2017-12883
+# openssl 1.1.0g-2ubuntu3
+# For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
+# zlib1g 1:1.2.11.dfsg-0ubuntu2
# For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
-RUN wget https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-0ubuntu2/+build/13260038/+files/zlib1g_1.2.11.dfsg-0ubuntu2_amd64.deb && dpkg -i zlib1g_1.2.11.dfsg-0ubuntu2_amd64.deb
+
+RUN apt-get -y install \
+ libkrb5-3=1.16-2build1 krb5-locales=1.16-2build1 \
+ libvorbis0a=1.3.5-4ubuntu0.2 \
+ libx11-6=2:1.6.4-3 libx11-data=2:1.6.4-3 libx11-doc=2:1.6.4-3 libx11-xcb1=2:1.6.4-3 \
+ libxtst6=2:1.2.3-1 \
+ ncurses-base=6.1-1ubuntu1 ncurses-bin=6.1-1ubuntu1 libncurses5=6.1-1ubuntu1 libncursesw5=6.1-1ubuntu1 \
+ libsqlite3-0=3.22.0-1 \
+ libtiff5=4.0.8-5ubuntu0.1 \
+ passwd=1:4.5-1ubuntu1 \
+ perl-base=5.26.0-8ubuntu1.1 \
+ openssl=1.1.0g-2ubuntu3 \
+ zlib1g=1:1.2.11.dfsg-0ubuntu2
#configure the JDK