diff --git a/al2/x86_64/standard/4.0/Dockerfile b/al2/x86_64/standard/4.0/Dockerfile
index db24aec4..1bd8d1c2 100644
--- a/al2/x86_64/standard/4.0/Dockerfile
+++ b/al2/x86_64/standard/4.0/Dockerfile
@@ -237,7 +237,7 @@ RUN set -ex \
 && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh
 #DotNet 6.0
-ENV DOTNET_60_SDK_VERSION="6.0.410"
+ENV DOTNET_60_SDK_VERSION="6.0.418"
 ENV DOTNET_ROOT="/root/.dotnet"
 # Add .NET Core 6.0 Global Tools install folder to PATH
@@ -338,6 +338,11 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && yum -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && groupadd dockremap \
 && useradd -g dockremap dockremap \
diff --git a/al2/x86_64/standard/5.0/Dockerfile b/al2/x86_64/standard/5.0/Dockerfile
index 9dfaa0c7..7dfe9e80 100644
--- a/al2/x86_64/standard/5.0/Dockerfile
+++ b/al2/x86_64/standard/5.0/Dockerfile
@@ -244,8 +244,8 @@ RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscli
 && aws --version
 #DotNet 6.0
-ENV DOTNET_6_SDK_VERSION="6.0.417"
-ENV DOTNET_8_SDK_VERSION="8.0.100"
+ENV DOTNET_6_SDK_VERSION="6.0.418"
+ENV DOTNET_8_SDK_VERSION="8.0.101"
 ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0"
 ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0"
 ENV DOTNET_ROOT="/root/.dotnet"
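Review bot: `runc -v` at the end of the added block in the second hunk only prints a version, so the build still succeeds when the repository serves a runc package that predates the CVE-2024-21626 fix; the install is unpinned and resolves to whatever the mirror holds at build time. Distro packages can carry backported fixes under an older upstream version string, so the check belongs on the package version-release rather than on runc's self-reported version, for example `&& yum -y install "runc-${RUNC_PKG_VERSION}" \` with `RUNC_PKG_VERSION` (a placeholder name, not defined in this file) set to the release named in the distribution's advisory. The same applies to the runc hunks in al2 5.0, corretto11, corretto8 and ubuntu 5.0, 6.0 and 7.0, where the apt form would be `apt-get -y install runc=<fixed-version>`. The RUN instruction starts and ends outside the hunk.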
@@ -377,6 +377,11 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && yum -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && groupadd dockremap \
 && useradd -g dockremap dockremap \
diff --git a/al2/x86_64/standard/corretto11/Dockerfile b/al2/x86_64/standard/corretto11/Dockerfile
index 651be81b..9f30aa51 100644
--- a/al2/x86_64/standard/corretto11/Dockerfile
+++ b/al2/x86_64/standard/corretto11/Dockerfile
@@ -86,6 +86,12 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && amazon-linux-extras enable docker \
+ && yum -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && groupadd dockremap \
 && useradd -g dockremap dockremap \
diff --git a/al2/x86_64/standard/corretto8/Dockerfile b/al2/x86_64/standard/corretto8/Dockerfile
index 1409e94c..9b0edd92 100644
--- a/al2/x86_64/standard/corretto8/Dockerfile
+++ b/al2/x86_64/standard/corretto8/Dockerfile
@@ -86,6 +86,12 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && amazon-linux-extras enable docker \
+ && yum -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && groupadd dockremap \
 && useradd -g dockremap dockremap \
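Review bot: In the corretto11 hunk (and identically in corretto8), `amazon-linux-extras enable docker` is a persistent repository change rather than something scoped to this one install, so every later `yum` operation in the image can also resolve packages from the docker topic. The al2 4.0 and 5.0 hunks install runc without this step, so they presumably rely on the topic being enabled earlier in those files, which is not visible here. A comment above the line would make the dependency explicit, e.g. `# runc is taken from the amazon-linux-extras "docker" topic; the topic stays enabled in the final image`. The RUN instruction starts and ends outside the hunk.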
diff --git a/ubuntu/standard/5.0/Dockerfile b/ubuntu/standard/5.0/Dockerfile
index b96eacbc..5cf35a74 100644
--- a/ubuntu/standard/5.0/Dockerfile
+++ b/ubuntu/standard/5.0/Dockerfile
@@ -434,6 +434,11 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && apt-get update && apt-get -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && addgroup dockremap \
 && useradd -g dockremap dockremap \
diff --git a/ubuntu/standard/6.0/Dockerfile b/ubuntu/standard/6.0/Dockerfile
index 6e985ff2..7ce504cf 100644
--- a/ubuntu/standard/6.0/Dockerfile
+++ b/ubuntu/standard/6.0/Dockerfile
@@ -143,7 +143,7 @@ FROM tools AS runtimes
 #**************** .NET-CORE *******************************************************
-ENV DOTNET_6_SDK_VERSION="6.0.410"
+ENV DOTNET_6_SDK_VERSION="6.0.418"
 ENV DOTNET_ROOT="/root/.dotnet"
 # Add .NET Core 6 Global Tools install folder to PATH
@@ -353,6 +353,11 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && apt-get update && apt-get -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && addgroup dockremap \
 && useradd -g dockremap dockremap \
diff --git a/ubuntu/standard/7.0/Dockerfile b/ubuntu/standard/7.0/Dockerfile
index 50f00b74..1b94aec4 100644
--- a/ubuntu/standard/7.0/Dockerfile
+++ b/ubuntu/standard/7.0/Dockerfile
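Review bot: `apt-get -y install runc` in the ubuntu 5.0 hunk omits `--no-install-recommends`, so any packages that runc recommends are pulled into the build image along with it, and the index fetched by `apt-get update` stays in this layer unless a later step of the same RUN removes it; the RUN continues outside the hunk, so that cannot be confirmed here. Suggested line: `&& apt-get update && apt-get -y install --no-install-recommends runc \`, followed by `&& rm -rf /var/lib/apt/lists/* \` if nothing later in this RUN already does that. The ubuntu 6.0 and 7.0 hunks contain the same line.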
@@ -159,8 +159,8 @@ FROM tools AS runtimes
 #**************** .NET-CORE *******************************************************
-ENV DOTNET_6_SDK_VERSION="6.0.417"
-ENV DOTNET_8_SDK_VERSION="8.0.100"
+ENV DOTNET_6_SDK_VERSION="6.0.418"
+ENV DOTNET_8_SDK_VERSION="8.0.101"
 ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0"
 ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0"
 ENV DOTNET_ROOT="/root/.dotnet"
@@ -397,6 +397,11 @@ RUN set -ex \
 && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
 && rm docker.tgz \
 && docker -v \
+ # replace runc package to resolve CVE-2024-21626
+ && apt-get update && apt-get -y install runc \
+ && rm -f /usr/local/bin/runc \
+ && ln -s /usr/sbin/runc /usr/local/bin/runc \
+ && runc -v \
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 && addgroup dockremap \
 && useradd -g dockremap dockremap \