Fixes the critical CVE-2022-48174 and CVE-2024-37371 11/14311/6
authorvpachchi <vineela.pachchipulusu@windriver.com>
Wed, 9 Apr 2025 12:02:21 +0000 (08:02 -0400)
committervpachchi <vineela.pachchipulusu@windriver.com>
Tue, 15 Apr 2025 08:50:16 +0000 (04:50 -0400)
And high CVEs CVE-2024-6345, CVE-2023-29491, CVE-2023-7104

Issue-ID: INF-493
Change-Id: I073bfca3de06d8b68cc4d31c39e753fbe4a80cf5
Signed-off-by: vpachchi <vineela.pachchipulusu@windriver.com>
Dockerfile

index c6a21f4..8701183 100644 (file)
@@ -18,10 +18,8 @@ RUN apk add --no-cache \
     libtirpc-dev \
     linux-headers \
     make \
-    ncurses-dev \
     openssl-dev \
     pax-utils \
-    sqlite-dev \
     tcl-dev \
     tk \
     tk-dev \
@@ -42,6 +40,7 @@ ENV PATH="/.venv/bin:${PATH}"
 
 RUN mkdir -p /.venv && \
     python -m venv /.venv \
+    && pip install --no-cache-dir --upgrade pip setuptools==70.0 \
     && pip install --no-cache-dir -r /tmp/requirements.txt -r /tmp/requirements-stx.txt -c /tmp/constraints.txt \
     && pip install --no-cache-dir -e /src
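Review bot: `--upgrade pip` on the added line is unpinned, so every build takes whatever pip release is current while setuptools is held at 70.0. Pinning pip as well keeps the venv reproducible, e.g. `pip install --no-cache-dir --upgrade pip==<PINNED_PIP_VERSION> setuptools==70.0`. The following line installs with `-c /tmp/constraints.txt`, which is not visible in this hunk; if a requirement or constraint there resolves to a different setuptools, the 70.0 pin (presumably the CVE-2024-6345 fix) could be replaced in the same layer. Adding `setuptools==70.0` to the constraints file would keep the pin in one authoritative place.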
 
@@ -52,11 +51,11 @@ ARG group=orano2
 
 USER root
 
-# Upgrade expat to latest version to mitigate CVE-2024-45492
+# Upgrade packages to latest versions to mitigate CVEs
 RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
-    apk update && \
-    apk add --upgrade expat && \
-    apk info expat
+    apk update \
+    && apk add --upgrade expat busybox krb5 ncurses ncurses-dev sqlite sqlite-dev \
+    && apk info expat busybox krb5 ncurses sqlite
 
 RUN apk add --no-cache bash
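Review bot: Appending edge/main to `/etc/apk/repositories` is permanent, so the following `RUN apk add --no-cache bash` and any later apk call also resolve from Alpine's rolling development branch, and the unpinned `apk add --upgrade` installs whatever edge carries on build day rather than a version known to contain the fixes. If the base image cannot be bumped to a release that ships the fixed packages, scope the override to this one command and skip the index cache: `RUN apk add --no-cache --upgrade --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main expat busybox krb5 ncurses sqlite`. This commit removes `ncurses-dev` and `sqlite-dev` from the earlier `apk add` list but installs them here under `USER root`; if this is the runtime stage (the stage boundaries are outside the hunk), the headers add attack surface with no visible consumer. `apk info` only prints package details and never fails the build, so pinning `pkg=version` or adding a minimum-version check would make the CVE mitigation verifiable.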