Latest vulnerability fixes

1. Updated ubuntu version to latest version. This fixes libgnutls30 package. 2. Cryptography package updated to suggested version. 3. Updated bash package to latest version manually. Latest Ubuntu version still contains vulnerable package so had to manually upgrade.
e-mission · Apr 5, 2024 · c7be36c · c7be36c
1 parent 174bfb1
commit c7be36c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh
@@ -13,7 +13,7 @@ source setup/setup.sh
 ## 10/02 - Mukul
 ## - Above comments talk about manually updating cryptography to version 40
 ## - I have upgraded to 41.0.4 as per latest vulnerability fixes.
-conda install -c conda-forge cryptography=41.0.7 wheel=0.40.0
+conda install -c conda-forge cryptography=42.0.0 wheel=0.40.0
 
 ## Remove the old, unused packages to avoid tripping up the checker
 rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
@@ -26,12 +26,17 @@ rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.17-pyhd8ed1ab_0
 rm -rf /root/miniconda-23.5.2/envs/emission/lib/python3.9/site-packages/urllib3-1.26.17.dist-info
 rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info
 rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/tests
+rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/cryptography-41.0.7.dist-info
 
 # Clean up the conda install
 conda clean -t
 find /root/miniconda-*/pkgs -wholename \*info/test\* -type d | xargs rm -rf
 find ~/miniconda-23.5.2 -name \*tests\* -path '*/site-packages/*' | grep ".*/site-packages/tests" | xargs rm -rf
 
+# Updating bash package to latest version manually 
+apt-get update
+apt-get install bash=5.1-6ubuntu1.1
+
 if [ -d "webapp/www/" ]; then
     cp /index.html webapp/www/index.html
 fi

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # python 3
-FROM ubuntu:jammy-20231211.1
+FROM ubuntu:jammy-20240227
 
 MAINTAINER K. Shankari ([email protected])