aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--distribution/src/main/docker/Dockerfile66
1 files changed, 45 insertions, 21 deletions
diff --git a/distribution/src/main/docker/Dockerfile b/distribution/src/main/docker/Dockerfile
index ebae7b13..bd28c615 100644
--- a/distribution/src/main/docker/Dockerfile
+++ b/distribution/src/main/docker/Dockerfile
@@ -12,15 +12,14 @@ RUN apt-get install -y openjdk-8-jdk
RUN apt-get -y upgrade
-# Install specific system libraries to fix CVE vulnerabilities
-RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
- echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
- echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
+# Upgrade specific system libraries to fix CVE vulnerabilities
+RUN echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
+ echo "deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted" >> /etc/apt/sources.list && \
apt-get -y update
# krb5 1.16-2build1
# For CVE-2017-15088 CVE-2017-11462
-# libvorbis 1.3.5-4ubuntu0.2
+# libvorbis 1.3.5-4.2
# For CVE-2017-14632 CVE-2017-14160
# libx11 2:1.6.4-3
# For CVE-2016-7943 CVE-2016-7942
@@ -30,30 +29,55 @@ RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/
# For CVE-2017-10685 CVE-2017-10684
# libsqllite3-0 3.22.0-1
# For CVE-2017-10989
-# libtiff5 4.0.8-5ubuntu0.1
+# libtiff5 4.0.9-5
# For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
# shadow 1:4.5-1ubuntu1
# For CVE-2017-12424
-# perl-base 5.26.0-8ubuntu1.1
+# perl-base 5.26.1-6
# For CVE-2015-8608 CVE-2017-12883
-# openssl 1.1.0g-2ubuntu3
+# openssl 1.1.0g-2ubuntu4
# For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
# zlib1g 1:1.2.11.dfsg-0ubuntu2
# For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
+# libdb5.3
+# CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682
+# libcairo2
+# CVE-2017-9814
+# libc-bin libc6 multiarch-support
+# CVE-2018-6485
+# libgtk2.0-0 libgtk2.0-bin libgtk2.0-common
+# CVE-2014-1949
+# libgcrypt20
+# CVE-2017-0379
+# libxi6
+# CVE-2016-7946 CVE-2016-7945
+# libxml2
+# CVE-2016-9318
+# libpcre3
+# CVE-2017-6004
-RUN apt-get -y install \
- libkrb5-3=1.16-2build1 krb5-locales=1.16-2build1 \
- libvorbis0a=1.3.5-4ubuntu0.2 \
- libx11-6=2:1.6.4-3 libx11-data=2:1.6.4-3 libx11-doc=2:1.6.4-3 libx11-xcb1=2:1.6.4-3 \
- libxtst6=2:1.2.3-1 \
- ncurses-base=6.1-1ubuntu1 ncurses-bin=6.1-1ubuntu1 libncurses5=6.1-1ubuntu1 libncursesw5=6.1-1ubuntu1 \
- libsqlite3-0=3.22.0-1 \
- libtiff5=4.0.8-5ubuntu0.1 \
- passwd=1:4.5-1ubuntu1 \
- perl-base=5.26.0-8ubuntu1.1 \
- openssl=1.1.0g-2ubuntu3 \
- zlib1g=1:1.2.11.dfsg-0ubuntu2
-
+RUN apt-get -y --only-upgrade install \
+ libkrb5-3 krb5-locales \
+ libvorbis0a \
+ libx11-6 libx11-data libx11-doc libx11-xcb1 \
+ libxtst6 \
+ ncurses-base ncurses-bin libncurses5 libncursesw5 \
+ libsqlite3-0 \
+ libtiff5 \
+ passwd \
+ perl-base \
+ libssl1.0.0 \
+ openssl \
+ zlib1g \
+ libdb5.3 \
+ libcairo2 \
+ libc-bin libc6 multiarch-support \
+ libgtk2.0-0 libgtk2.0-bin libgtk2.0-common \
+ libgcrypt20 \
+ libxi6 \
+ libxml2 \
+ libpcre3 && \
+ apt-get -y autoremove
#configure the JDK
RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security