Gitiles
Code Review Sign In
gerrit.nordix.org / onap / sdc / sdc-docker-base / 5ac4db020d162174b144540aa1ed464ae961d1b8 / . / base_sdc-cassandra / Dockerfile
blob: 5804b0a9a727b0dada737e85d847ae3f828c4de2 [file] [log] [blame]
shrek2000c0e96b52019-10-29 09:38:53 +0200[diff] [blame]1FROM cassandra:3.11.4
Areli Fuss547839b2017-08-22 15:34:37 +0300[diff] [blame]2
Gary Wud0a8a0d2018-04-12 10:39:39 -0700[diff] [blame]3# Upgrade specific system libraries to fix CVE vulnerabilities
4# avahi 0.7-3.1
5# For CVE-2017-6519
6# curl 7.58.0-2
7# For CVE-2016-7167 CVE-2016-7141
8# krb5 1.16-2
9# For 2018-5709 CVE-2017-15088 CVE-2017-11462
10# libtiff5 4.0.9-5
11# For CVE-2018-5360
12# libx11 2:1.6.5-1
13# For CVE-2016-7943 CVE-2016-7942
14# libxml2 2.9.4+dfsg1-6.1
15# For CVE-2016-4448
16# libxtst6 2:1.2.3-1
17# For CVE-2016-7951
18# perl 5.26.2-2
19# For CVE-2017-12837 CVE-2017-12883
20# python 2.7.15~rc1-1
21# For CVE-2017-1000158
22# libsqlite3-0 3.23.1-1
23# For CVE-2017-10989
24# libdb5.3
25# CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682
26# libcairo2 libcairo-gobject2
27# CVE-2017-9814
28# libc-bin libc6 multiarch-support
29# CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982
30# libgtk2.0-0 libgtk2.0-common
31# CVE-2014-1949
32# libharfbuzz0b
33# CVE-2015-8947 CVE-2016-2052
34# libgcrypt20
35# CVE-2017-0379
36# libtasn1-6
37# CVE-2018-6003 CVE-2017-10790
38# libxi6
39# CVE-2016-7946 CVE-2016-7945
40# libldap-2.4-2
41# CVE-2017-17740
42# libpcre3
43# CVE-2015-3217
44# passwd
45# CVE-2017-12424
46# zlib1g
47# CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
48
Tomasz Golabek8a3e3fc2019-06-14 15:41:22 +0200[diff] [blame]49RUN sed -i '/deb http:\/\/deb.debian.org\/debian jessie-updates main/d' /etc/apt/sources.list && \
Tomasz Golabek8a3e3fc2019-06-14 15:41:22 +0200[diff] [blame]50 echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && \
51 echo "deb http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
Gary Wu79dd5f92018-05-10 07:47:22 -0700[diff] [blame]52 echo "deb http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list && \
53 echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list && \
54 echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
Gary Wud0a8a0d2018-04-12 10:39:39 -0700[diff] [blame]55 echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \
56 echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \
Tomasz Golabek8a3e3fc2019-06-14 15:41:22 +0200[diff] [blame]57 apt-get -o Acquire::Check-Valid-Until=false update && \
58 apt-get -y install -t jessie-backports ca-certificates-java && \
59 apt-get -y install -t jessie-backports openjdk-8-jre-headless && \
Gary Wud0a8a0d2018-04-12 10:39:39 -0700[diff] [blame]60 apt-get -y --no-install-recommends install \
Tal Gitelmand18094d2018-10-29 19:51:30 +0200[diff] [blame]61 vim \
62 vim-runtime \
63 apt-utils \
Tal Gitelmand18094d2018-10-29 19:51:30 +0200[diff] [blame]64 libavahi-client3 \
65 libavahi-common3 \
66 curl \
67 libcurl4 \
68 krb5-locales \
69 libgssapi-krb5-2 \
70 libkrb5-3 \
71 libkrb5support0 \
72 libtiff5 \
73 libx11-6 \
74 libx11-data \
75 libx11-xcb1 \
76 libxml2 \
77 libxtst6 \
78 perl \
79 python \
80 libsqlite3-0 \
81 libdb5.3 \
82 libcairo2 \
83 libcairo-gobject2 \
84 libc-bin \
85 libc6 \
86 multiarch-support \
87 libgtk2.0-0 \
88 libgtk2.0-common \
89 libharfbuzz0b \
90 libgcrypt20 \
91 libtasn1-6 \
92 libxi6 \
93 libldap-2.4-2 \
94 libpcre3 \
95 passwd \
96 zlib1g \
97 ntp && \
98 apt-get -y autoremove && \
99 update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java && \
Tomasz Golabek8a3e3fc2019-06-14 15:41:22 +0200[diff] [blame]100 curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 13.8.5
Areli Fuss547839b2017-08-22 15:34:37 +0300[diff] [blame]101