diff options
| -rw-r--r-- | distribution/src/main/docker/Dockerfile | 66 |
1 files changed, 45 insertions, 21 deletions
diff --git a/distribution/src/main/docker/Dockerfile b/distribution/src/main/docker/Dockerfile index ebae7b13..bd28c615 100644 --- a/distribution/src/main/docker/Dockerfile +++ b/distribution/src/main/docker/Dockerfile @@ -12,15 +12,14 @@ RUN apt-get install -y openjdk-8-jdk RUN apt-get -y upgrade -# Install specific system libraries to fix CVE vulnerabilities -RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \ - echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \ - echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \ +# Upgrade specific system libraries to fix CVE vulnerabilities +RUN echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \ + echo "deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted" >> /etc/apt/sources.list && \ apt-get -y update # krb5 1.16-2build1 # For CVE-2017-15088 CVE-2017-11462 -# libvorbis 1.3.5-4ubuntu0.2 +# libvorbis 1.3.5-4.2 # For CVE-2017-14632 CVE-2017-14160 # libx11 2:1.6.4-3 # For CVE-2016-7943 CVE-2016-7942 @@ -30,30 +29,55 @@ RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/ # For CVE-2017-10685 CVE-2017-10684 # libsqllite3-0 3.22.0-1 # For CVE-2017-10989 -# libtiff5 4.0.8-5ubuntu0.1 +# libtiff5 4.0.9-5 # For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331 # shadow 1:4.5-1ubuntu1 # For CVE-2017-12424 -# perl-base 5.26.0-8ubuntu1.1 +# perl-base 5.26.1-6 # For CVE-2015-8608 CVE-2017-12883 -# openssl 1.1.0g-2ubuntu3 +# openssl 1.1.0g-2ubuntu4 # For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176 # zlib1g 1:1.2.11.dfsg-0ubuntu2 # For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840 +# libdb5.3 +# CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682 +# libcairo2 +# CVE-2017-9814 +# libc-bin libc6 multiarch-support +# CVE-2018-6485 +# libgtk2.0-0 libgtk2.0-bin libgtk2.0-common +# CVE-2014-1949 +# libgcrypt20 +# CVE-2017-0379 +# libxi6 +# CVE-2016-7946 CVE-2016-7945 +# libxml2 +# CVE-2016-9318 +# libpcre3 +# CVE-2017-6004 -RUN apt-get -y install \ - libkrb5-3=1.16-2build1 krb5-locales=1.16-2build1 \ - libvorbis0a=1.3.5-4ubuntu0.2 \ - libx11-6=2:1.6.4-3 libx11-data=2:1.6.4-3 libx11-doc=2:1.6.4-3 libx11-xcb1=2:1.6.4-3 \ - libxtst6=2:1.2.3-1 \ - ncurses-base=6.1-1ubuntu1 ncurses-bin=6.1-1ubuntu1 libncurses5=6.1-1ubuntu1 libncursesw5=6.1-1ubuntu1 \ - libsqlite3-0=3.22.0-1 \ - libtiff5=4.0.8-5ubuntu0.1 \ - passwd=1:4.5-1ubuntu1 \ - perl-base=5.26.0-8ubuntu1.1 \ - openssl=1.1.0g-2ubuntu3 \ - zlib1g=1:1.2.11.dfsg-0ubuntu2 - +RUN apt-get -y --only-upgrade install \ + libkrb5-3 krb5-locales \ + libvorbis0a \ + libx11-6 libx11-data libx11-doc libx11-xcb1 \ + libxtst6 \ + ncurses-base ncurses-bin libncurses5 libncursesw5 \ + libsqlite3-0 \ + libtiff5 \ + passwd \ + perl-base \ + libssl1.0.0 \ + openssl \ + zlib1g \ + libdb5.3 \ + libcairo2 \ + libc-bin libc6 multiarch-support \ + libgtk2.0-0 libgtk2.0-bin libgtk2.0-common \ + libgcrypt20 \ + libxi6 \ + libxml2 \ + libpcre3 && \ + apt-get -y autoremove #configure the JDK RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security |