From c7be36ccafd603d64599e243a863035539d467af Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Fri, 5 Apr 2024 10:54:20 -0700 Subject: [PATCH] Latest vulnerability fixes 1. Updated ubuntu version to latest version. This fixes libgnutls30 package. 2. Cryptography package updated to suggested version. 3. Updated bash package to latest version manually. Latest Ubuntu version still contains vulnerable package so had to manually upgrade. --- .docker/setup_config.sh | 7 ++++++- Dockerfile | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh index 05456eea1..1f7e30857 100644 --- a/.docker/setup_config.sh +++ b/.docker/setup_config.sh @@ -13,7 +13,7 @@ source setup/setup.sh ## 10/02 - Mukul ## - Above comments talk about manually updating cryptography to version 40 ## - I have upgraded to 41.0.4 as per latest vulnerability fixes. -conda install -c conda-forge cryptography=41.0.7 wheel=0.40.0 +conda install -c conda-forge cryptography=42.0.0 wheel=0.40.0 ## Remove the old, unused packages to avoid tripping up the checker rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0 @@ -26,12 +26,17 @@ rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.17-pyhd8ed1ab_0 rm -rf /root/miniconda-23.5.2/envs/emission/lib/python3.9/site-packages/urllib3-1.26.17.dist-info rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/tests +rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/cryptography-41.0.7.dist-info # Clean up the conda install conda clean -t find /root/miniconda-*/pkgs -wholename \*info/test\* -type d | xargs rm -rf find ~/miniconda-23.5.2 -name \*tests\* -path '*/site-packages/*' | grep ".*/site-packages/tests" | xargs rm -rf +# Updating bash package to latest version manually +apt-get update +apt-get install bash=5.1-6ubuntu1.1 + if [ -d "webapp/www/" ]; then cp /index.html webapp/www/index.html fi diff --git a/Dockerfile b/Dockerfile index 7fa923ea0..b723189b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # python 3 -FROM ubuntu:jammy-20231211.1 +FROM ubuntu:jammy-20240227 MAINTAINER K. Shankari (shankari@eecs.berkeley.edu)