Skip to content

Commit 8f9126f

Browse files
LZY7977LZY7977
committed
upgrade runc and .Net packages to address CVEs
1 parent 7b60370 commit 8f9126f

File tree

2 files changed

+12
-4
lines changed

2 files changed

+12
-4
lines changed

al2/aarch64/standard/2.0/Dockerfile

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ RUN set -ex \
3939
perl-DBI perl-HTTP-Date perl-IO-Pty-Easy perl-TimeDate perl-YAML-LibYAML \
4040
postgresql-devel procps-ng python-configobj readline-devel rsync sgml-common \
4141
subversion-perl tar tcl tk vim wget which xfsprogs xmlto xorg-x11-server-Xvfb xz-devel \
42-
amazon-ecr-credential-helper
42+
amazon-ecr-credential-helper runc
4343

4444
RUN useradd codebuild-user
4545

@@ -346,6 +346,10 @@ RUN set -ex \
346346
&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
347347
&& tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin \
348348
&& rm docker.tgz \
349+
# replace runc package to resolve CVE-2024-21626
350+
&& rm /usr/local/bin/runc \
351+
&& ln -s /usr/sbin/runc /usr/local/bin/runc \
352+
&& runc -v \
349353
&& docker -v \
350354
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
351355
&& groupadd dockremap \

al2/aarch64/standard/3.0/Dockerfile

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ RUN set -ex \
3636
postgresql-devel procps-ng python-configobj readline-devel rsync sgml-common \
3737
patch pkg-config procps python3-configobj llvm rsync sqlite-devel \
3838
subversion-perl tar tcl tk vim wget which xfsprogs xmlto xorg-x11-server-Xvfb xz-devel \
39-
amazon-ecr-credential-helper git-lfs
39+
amazon-ecr-credential-helper git-lfs runc
4040

4141
RUN useradd codebuild-user
4242

@@ -357,6 +357,10 @@ RUN set -ex \
357357
&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
358358
&& tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin \
359359
&& rm docker.tgz \
360+
# replace runc package to resolve CVE-2024-21626
361+
&& rm /usr/local/bin/runc \
362+
&& ln -s /usr/sbin/runc /usr/local/bin/runc \
363+
&& runc -v \
360364
&& docker -v \
361365
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
362366
&& groupadd dockremap \
@@ -384,8 +388,8 @@ RUN set -ex \
384388
FROM runtimes_2 AS runtimes_3
385389

386390
#DotNet
387-
ENV DOTNET_6_SDK_VERSION="6.0.417"
388-
ENV DOTNET_8_SDK_VERSION="8.0.100"
391+
ENV DOTNET_6_SDK_VERSION="6.0.419"
392+
ENV DOTNET_8_SDK_VERSION="8.0.201"
389393
ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0"
390394
ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0"
391395
ENV DOTNET_ROOT="/root/.dotnet"

0 commit comments

Comments
 (0)