aboutsummaryrefslogtreecommitdiffstats
path: root/packages/docker/src/main
diff options
context:
space:
mode:
authorchenying83 <chenying83@huawei.com>2018-04-23 09:59:52 +0000
committerchenying83 <chenying83@huawei.com>2018-04-23 10:01:40 +0000
commitba7d66616c8bc9879434ed6b7fe6bb9ba471a1cd (patch)
tree5fea087d449d6e582b8f03003ff87aedd88b8cbe /packages/docker/src/main
parent2b544715bd299ec1d45ca55f79f0e88646f8f600 (diff)
Fix library CVEs in SO
Fix additional CVEs: Also refactored to use ubuntu apt repos instead of manually installing from launchpad. Issue-ID: SO-579 Change-Id: I58e29a7e0188452789741087bc9c4af82f102b09 Signed-off-by: chenying83 <chenying83@huawei.com>
Diffstat (limited to 'packages/docker/src/main')
-rw-r--r--packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final61
1 files changed, 57 insertions, 4 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
index 4b7bbaf776..771949fdfd 100644
--- a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
@@ -15,13 +15,67 @@ ENV https_proxy=$HTTPS_PROXY
ENV CHEF_REPO_NAME="chef-repo"
ENV CHEF_CONFIG_NAME="mso-config"
-### Downloading dependencies
+USER root
+### Downloading dependencies
+# Install specific system libraries to fix CVE vulnerabilities
+RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
+ echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
+ echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
+ apt-get -y update
+
+# krb5 1.16-2build1
+# For CVE-2017-15088 CVE-2017-11462
+# libvorbis 1.3.5-4ubuntu0.2
+# For CVE-2017-14632 CVE-2017-14160
+# libx11 2:1.6.4-3
+# For CVE-2016-7943 CVE-2016-7942
+# libxtst 1.2.3-1
+# For CVE-2016-7951
+# ncurses 6.1-1ubuntu1
+# For CVE-2017-10685 CVE-2017-10684
+# libsqllite3-0 3.22.0-1
+# For CVE-2017-10989
+# libtiff5 4.0.8-5ubuntu0.1
+# For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
+# shadow 1:4.5-1ubuntu1
+# For CVE-2017-12424
+# perl-base 5.26.0-8ubuntu1.1
+# For CVE-2015-8608 CVE-2017-12883
+# openssl 1.1.0g-2ubuntu3
+# For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
+# zlib1g 1:1.2.11.dfsg-0ubuntu2
+# For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
+# libexpat1 2.2.5-3
+# For CVE-2016-0718 CVE-2016-4472
+# libc-bin libc6 2.26-0ubuntu2.1
+# For CVE-2018-6485
+# openssl 1.1.0g-2ubuntu3
+# For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177
+# libpcre3 2:8.39-5ubuntu3
+# For CVE-2016-3191 CVE-2016-1283
USER root
-RUN apt-get install -y netcat curl && curl -LO https://packages.chef.io/stable/ubuntu/12.04/chefdk_0.17.17-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
+RUN apt-get -y install \
+ libkrb5-3=1.16-2build1 krb5-locales=1.16-2build1 \
+ libvorbis0a=1.3.5-4ubuntu0.2 \
+ libx11-6=2:1.6.4-3 libx11-data=2:1.6.4-3 libx11-doc=2:1.6.4-3 libx11-xcb1=2:1.6.4-3 \
+ libxtst6=2:1.2.3-1 \
+ ncurses-base=6.1-1ubuntu1 ncurses-bin=6.1-1ubuntu1 libncurses5=6.1-1ubuntu1 libncursesw5=6.1-1ubuntu1 \
+ libsqlite3-0=3.22.0-1 \
+ libtiff5=4.0.8-5ubuntu0.1 \
+ passwd=1:4.5-1ubuntu1 \
+ perl-base=5.26.0-8ubuntu1.1 \
+ zlib1g=1:1.2.11.dfsg-0ubuntu2 \
+ libexpat1=2.2.5-3 \
+ libc-bin=2.26-0ubuntu2.1 libc6=2.26-0ubuntu2.1 \
+ openssl=1.1.0g-2ubuntu3 \
+ libpcre3=2:8.39-5ubuntu3
+
+RUN apt-get install -y netcat curl && curl -LO https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
### Install Chef
-RUN dpkg -i chefdk_0.17.17-1_amd64.deb
+#RUN dpkg -i chefdk_0.17.17-1_amd64.deb
+RUN dpkg -i chefdk_2.5.3-1_amd64.deb
COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh
@@ -97,4 +151,3 @@ VOLUME /shared
### Start EAP
USER root
CMD ["/opt/mso/scripts/start-jboss-server.sh"]
-