Patch CVEs by IshaChid76 · Pull Request #236 · aws/sagemaker-scikit-learn-container

IshaChid76 · 2025-02-25T20:40:57Z

Issue #, if available:

Description of changes:

This PR patches the following CVEs: CVE-2021-44906 CVE-2023-36665 CVE-2024-47685
Includes upgrading packages minimist, protobufjs, linux-libc-dev.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

varunmoris · 2025-03-06T21:03:23Z

        && \
+    python3 -m pip install --upgrade pip && \
+    python3 -m pip install --upgrade certifi && \
+    apt-get clean && \


why are we doing this?

For some reason when I do a upgrade of the required packages, it gives me a new CVE relating to certifi so I am separately doing a upgrade for it.

varunmoris · 2025-03-06T21:03:43Z

+    # Node.js setup
+    mkdir -p /etc/apt/keyrings && \
+    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \
+        gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \


are these additions verified?

isha chidrawar added 21 commits February 25, 2025 15:34

added command to upgrade libgrpc library

43166bc

removed duplicate installation

59a72ac

fix typo

44070db

change to install from upgrade

6183b4b

pip install packages

e250e7d

added specific version

75614da

removed specifioc version

33de6a1

installing libgrpc

10ec1ef

added a line to install grpc

81441f1

change

88aa2f7

update miniconda

87f3f80

removed libgrpc upgrade

bec0f96

conda install libgrpc before pyarrow

01d35bf

install 24.7.1 conda

10f58cf

change miniconda packge version

7a06077

added back conda upgrade

a578e44

install libarchive

bf6781b

removed installation

55a7981

remove conda upgrade

37482e7

removed conda-libmamba-solver installation

65e36be

upgrading pyarrow_version

82b6efb

IshaChid76 closed this Mar 4, 2025

move pyarrow installation after mlio

f1932d0

IshaChid76 reopened this Mar 4, 2025

isha chidrawar added 6 commits March 4, 2025 16:39

separate install for pyarrow

3358963

install libgrpc at the end

4a2f219

removing the package-lock.json

d070226

npm install minimist protobufjs

8099477

installing and removing node.js and npm

e1aa336

moved npm and nodejs install at the start

75c34a8

isha chidrawar added 9 commits March 5, 2025 11:02

removing nodejs and npm after npm install

b6c01e6

get remove kitware how it was originally

6320e53

corrected syntax and this has the original remove for kitware

872712a

corrected syntax and added rm after packages are installed

741c236

certifi install version changed to 2023.7.22

5c8b216

removed certifi version

1c85aae

comment all the changes

4df66b0

added step to updrage certifi

cf46aba

nit

1e06305

IshaChid76 changed the title ~~Bump libgrpc library version to resolve CVEs~~ Patch CVEs Mar 6, 2025

varunmoris reviewed Mar 6, 2025

View reviewed changes

timkuo-amazon approved these changes Mar 7, 2025

View reviewed changes

IshaChid76 merged commit 38c8b75 into aws:master Mar 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Patch CVEs#236

Patch CVEs#236
IshaChid76 merged 37 commits intoaws:masterfrom
IshaChid76:master

IshaChid76 commented Feb 25, 2025 •

edited

Loading

Uh oh!

varunmoris Mar 6, 2025

Uh oh!

IshaChid76 Mar 6, 2025

Uh oh!

varunmoris Mar 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

IshaChid76 commented Feb 25, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

varunmoris Mar 6, 2025

Choose a reason for hiding this comment

Uh oh!

IshaChid76 Mar 6, 2025

Choose a reason for hiding this comment

Uh oh!

varunmoris Mar 6, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

IshaChid76 commented Feb 25, 2025 •

edited

Loading