Merge pull request #710 from LZY7977/master

upgrade runc and .Net packages on Arm images
aws · Mar 7, 2024 · d8f9acc · d8f9acc
2 parents 7b60370 + 8f9126f
commit d8f9acc
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/al2/aarch64/standard/2.0/Dockerfile b/al2/aarch64/standard/2.0/Dockerfile
@@ -39,7 +39,7 @@ RUN set -ex \
            perl-DBI perl-HTTP-Date perl-IO-Pty-Easy perl-TimeDate perl-YAML-LibYAML \
            postgresql-devel procps-ng python-configobj readline-devel rsync sgml-common \
            subversion-perl tar tcl tk vim wget which xfsprogs xmlto xorg-x11-server-Xvfb xz-devel \
-           amazon-ecr-credential-helper
+           amazon-ecr-credential-helper runc
 
 RUN useradd codebuild-user
 
@@ -346,6 +346,10 @@ RUN set -ex \
     && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
     && tar --extract --file docker.tgz --strip-components 1  --directory /usr/local/bin \
     && rm docker.tgz \
+    # replace runc package to resolve CVE-2024-21626
+    && rm /usr/local/bin/runc \
+    && ln -s /usr/sbin/runc /usr/local/bin/runc \
+    && runc -v \
     && docker -v \
     # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
     && groupadd dockremap \

diff --git a/al2/aarch64/standard/3.0/Dockerfile b/al2/aarch64/standard/3.0/Dockerfile
@@ -36,7 +36,7 @@ RUN set -ex \
            postgresql-devel procps-ng python-configobj readline-devel rsync sgml-common \
            patch pkg-config procps python3-configobj llvm rsync sqlite-devel \
            subversion-perl tar tcl tk vim wget which xfsprogs xmlto xorg-x11-server-Xvfb xz-devel \
-           amazon-ecr-credential-helper git-lfs
+           amazon-ecr-credential-helper git-lfs runc
 
 RUN useradd codebuild-user
 
@@ -357,6 +357,10 @@ RUN set -ex \
     && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
     && tar --extract --file docker.tgz --strip-components 1  --directory /usr/local/bin \
     && rm docker.tgz \
+    # replace runc package to resolve CVE-2024-21626
+    && rm /usr/local/bin/runc \
+    && ln -s /usr/sbin/runc /usr/local/bin/runc \
+    && runc -v \
     && docker -v \
     # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
     && groupadd dockremap \
@@ -384,8 +388,8 @@ RUN set -ex \
 FROM runtimes_2 AS runtimes_3
 
 #DotNet
-ENV DOTNET_6_SDK_VERSION="6.0.417"
-ENV DOTNET_8_SDK_VERSION="8.0.100"
+ENV DOTNET_6_SDK_VERSION="6.0.419"
+ENV DOTNET_8_SDK_VERSION="8.0.201"
 ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0"
 ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0"
 ENV DOTNET_ROOT="/root/.dotnet"