| Areli Fuss | 547839b | 2017-08-22 15:34:37 +0300 | [diff] [blame] | 1 | FROM kibana:4.3.3 |
| 2 | |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 3 | # Upgrade specific system libraries to fix CVE vulnerabilities |
| Gary Wu | e2eada3 | 2018-05-13 20:00:19 -0700 | [diff] [blame^] | 4 | # bash 4.4.18-2+b1 |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 5 | # For CVE-2016-0634 CVE-2016-7543 |
| 6 | # curl 7.58.0-2 |
| 7 | # For CVE-2016-7167 CVE-2016-7141 |
| 8 | # krb5 1.16-2 |
| 9 | # For CVE-2018-5709 CVE-2017-15088 CVE-2017-11462 |
| 10 | # openssl 1.1.0h-2 |
| 11 | # For CVE-2016-8610 CVE-2017-3731 CVE-2016-6302 CVE-2016-2181 CVE-2016-2179 CVE-2016-2180 CVE-2016-2109 CVE-2016-2106 CVE-2016-2105 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176 |
| 12 | # perl 5.26.2-2 |
| 13 | # For CVE-2017-12837 CVE-2017-12883 |
| 14 | # systemd 238-4 |
| 15 | # For CVE-2017-1000082 CVE-2017-9445 CVE-2017-9217 |
| Gary Wu | e2eada3 | 2018-05-13 20:00:19 -0700 | [diff] [blame^] | 16 | # wget 1.19.5-1 |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 17 | # For CVE-2017-13090 CVE-2017-13089 CVE-2016-7098 |
| 18 | # libdb5.3 |
| 19 | # CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682 |
| 20 | # libc-bin libc6 multiarch-support |
| 21 | # CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982 |
| 22 | # libgnutls30 |
| 23 | # CVE-2017-5335 CVE-2017-5337 CVE-2017-5334 |
| 24 | # libgcrypt20 |
| 25 | # CVE-2017-0379 |
| 26 | # libtasn1-6 |
| 27 | # CVE-2018-6003 CVE-2017-10790 |
| 28 | # libldap-2.4-2 |
| 29 | # CVE-2017-17740 |
| 30 | # libpcre3 |
| 31 | # CVE-2015-3217 |
| 32 | # passwd |
| 33 | # CVE-2017-12424 |
| 34 | # zlib1g |
| 35 | # CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840 |
| 36 | |
| Gary Wu | 79dd5f9 | 2018-05-10 07:47:22 -0700 | [diff] [blame] | 37 | RUN echo "deb http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \ |
| 38 | echo "deb http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list && \ |
| 39 | echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list && \ |
| 40 | echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \ |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 41 | echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \ |
| 42 | echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \ |
| 43 | apt-get -y update && \ |
| 44 | apt-get -y --no-install-recommends install \ |
| 45 | vim=2:7.4.488-7+deb8u3 vim-common=2:7.4.488-7+deb8u3 vim-runtime=2:7.4.488-7+deb8u3 \ |
| Gary Wu | e2eada3 | 2018-05-13 20:00:19 -0700 | [diff] [blame^] | 46 | bash=4.4.18-2+b1 \ |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 47 | curl=7.58.0-2 libcurl3=7.58.0-2 \ |
| 48 | krb5-locales=1.16-2 libgssapi-krb5-2=1.16-2 libkrb5-3=1.16-2 libkrb5support0=1.16-2 \ |
| 49 | openssl=1.1.0h-2 \ |
| 50 | perl-base=5.26.2-3 \ |
| 51 | systemd=238-4 \ |
| Gary Wu | e2eada3 | 2018-05-13 20:00:19 -0700 | [diff] [blame^] | 52 | wget=1.19.5-1 \ |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 53 | libdb5.3=5.3.28-13.1+b1 \ |
| 54 | libc-bin=2.27-3 libc6=2.27-3 multiarch-support=2.27-3 \ |
| 55 | libgnutls30=3.5.18-1 \ |
| 56 | libgcrypt20=1.8.2-2 \ |
| 57 | libtasn1-6=4.13-2 \ |
| Gary Wu | 79dd5f9 | 2018-05-10 07:47:22 -0700 | [diff] [blame] | 58 | libldap-2.4-2=2.4.44+dfsg-5+deb9u1 \ |
| Gary Wu | 1447537 | 2018-04-11 15:37:14 -0700 | [diff] [blame] | 59 | libpcre3=2:8.39-9 \ |
| 60 | passwd=1:4.5-1 \ |
| 61 | zlib1g=1:1.2.8.dfsg-5 && \ |
| 62 | apt-get -y autoremove |
| Areli Fuss | 547839b | 2017-08-22 15:34:37 +0300 | [diff] [blame] | 63 | |
| 64 | # install chef-solo |
| 65 | RUN curl -L https://omnitruck.chef.io/install.sh | bash |
| 66 | |