From f930fbd1bf08ae764456eaab9438ba2aa802020b Mon Sep 17 00:00:00 2001 From: geetasg Date: Wed, 18 Sep 2024 16:30:39 -0700 Subject: [PATCH] Add Dockerfiles for Neuron DLC with SDK 2.20.0 (#21) *Issue #, if available:* *Description of changes:* Add Dockerfiles for Neuron DLC with SDK 2.20.0 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. *Issue #, if available:* *Description of changes:* By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. Signed-off-by: Geeta Gharpure Co-authored-by: Geeta Gharpure --- .../inference/1.13.1/Dockerfile.neuron | 6 +- .../Dockerfile.neuron.cve_allowlist.json | 275 +++++++++++++++- .../inference/1.13.1/Dockerfile.neuronx | 14 +- .../Dockerfile.neuronx.cve_allowlist.json | 275 +++++++++++++++- .../inference/2.1.2/Dockerfile.neuronx | 14 +- .../Dockerfile.neuronx.cve_allowlist.json | 275 +++++++++++++++- .../training/1.13.1/Dockerfile.neuronx | 16 +- .../Dockerfile.neuronx.cve_allowlist.json | 309 +++++++++++++++--- .../pytorch/training/2.1.2/Dockerfile.neuronx | 16 +- .../Dockerfile.neuronx.cve_allowlist.json | 309 +++++++++++++++--- 10 files changed, 1373 insertions(+), 136 deletions(-) diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron b/docker/pytorch/inference/1.13.1/Dockerfile.neuron index da386ec..83a23cd 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron @@ -5,9 +5,9 @@ LABEL maintainer="Amazon AI" LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers -ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.10.12.0 -ARG NEURON_CC_VERSION=1.23.5.0 -ARG NEURONX_TOOLS_VERSION=2.18.3.0 +ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.11.7.0 +ARG NEURON_CC_VERSION=1.24.0.0 +ARG NEURONX_TOOLS_VERSION=2.19.0.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json index 8ebcb7d..3b500b1 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json @@ -1,6 +1,6 @@ { - "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "CVE-2023-6237": { + "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable", "remediation": { "recommendation": { "text": "None Provided" @@ -10,18 +10,36 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", "status": "ACTIVE", - "title": "CVE-2024-2511 - cryptography, pyOpenSSL", - "vulnerability_id": "CVE-2024-2511", + "title": "CVE-2023-6237 - pyOpenSSL", + "vulnerability_id": "CVE-2023-6237", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", - "name": "cryptography", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "42.0.5" - }, + "version": "24.0.0" + } + ] + }, + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "CLOSED", + "title": "CVE-2024-2511 - pyOpenSSL", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ { "epoch": 0, "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", @@ -80,5 +98,244 @@ "version": "1.13.1" } ] + }, + "CVE-2024-32002": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", + "status": "ACTIVE", + "title": "CVE-2024-32002 - git", + "vulnerability_id": "CVE-2024-32002", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32004": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", + "status": "ACTIVE", + "title": "CVE-2024-32004 - git", + "vulnerability_id": "CVE-2024-32004", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32020": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "status": "ACTIVE", + "title": "CVE-2024-32020 - git", + "vulnerability_id": "CVE-2024-32020", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32021": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "status": "ACTIVE", + "title": "CVE-2024-32021 - git", + "vulnerability_id": "CVE-2024-32021", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32465": { + "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "status": "ACTIVE", + "title": "CVE-2024-32465 - git", + "vulnerability_id": "CVE-2024-32465", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-34997": { + "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", + "status": "ACTIVE", + "title": "CVE-2024-34997 - joblib", + "vulnerability_id": "CVE-2024-34997", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", + "name": "joblib", + "packageManager": "PYTHONPKG", + "version": "1.4.2" + } + ] + }, + "CVE-2024-35195": { + "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "status": "ACTIVE", + "title": "CVE-2024-35195 - requests", + "vulnerability_id": "CVE-2024-35195", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", + "name": "requests", + "packageManager": "PYTHONPKG", + "version": "2.31.0" + } + ] + }, + "CVE-2024-3651": { + "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "status": "ACTIVE", + "title": "CVE-2024-3651 - python-idna, python3-idna", + "vulnerability_id": "CVE-2024-3651", + "vulnerable_packages": [ + { + "arch": "ALL", + "epoch": 0, + "name": "python-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + }, + { + "arch": "ALL", + "epoch": 0, + "name": "python3-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + } + ] + }, + "CVE-2024-4603": { + "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "status": "ACTIVE", + "title": "CVE-2024-4603 - cryptography", + "vulnerability_id": "CVE-2024-4603", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.7" + } + ] } } diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx index f0e08d4..b1d03ce 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx @@ -5,13 +5,13 @@ LABEL maintainer="Amazon AI" LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers -ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.15.0 -ARG NEURONX_DISTRIBUTED_VERSION=0.8.0 -ARG NEURONX_CC_VERSION=2.14.227.0 -ARG NEURONX_TRANSFORMERS_VERSION=0.11.351 -ARG NEURONX_COLLECTIVES_LIB_VERSION=2.21.46.0-69b77134b -ARG NEURONX_RUNTIME_LIB_VERSION=2.21.41.0-fb1705f5f -ARG NEURONX_TOOLS_VERSION=2.18.3.0 +ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0 +ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 +ARG NEURONX_CC_VERSION=2.15.128.0 +ARG NEURONX_TRANSFORMERS_VERSION=0.12.313 +ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 +ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b +ARG NEURONX_TOOLS_VERSION=2.19.0.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json index 8ebcb7d..62e3f04 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json @@ -1,6 +1,6 @@ { - "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "CVE-2023-6237": { + "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable", "remediation": { "recommendation": { "text": "None Provided" @@ -10,18 +10,36 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", "status": "ACTIVE", - "title": "CVE-2024-2511 - cryptography, pyOpenSSL", - "vulnerability_id": "CVE-2024-2511", + "title": "CVE-2023-6237 - pyOpenSSL", + "vulnerability_id": "CVE-2023-6237", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", - "name": "cryptography", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "42.0.5" - }, + "version": "24.0.0" + } + ] + }, + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "CLOSED", + "title": "CVE-2024-2511 - pyOpenSSL", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ { "epoch": 0, "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", @@ -80,5 +98,244 @@ "version": "1.13.1" } ] + }, + "CVE-2024-32002": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", + "status": "ACTIVE", + "title": "CVE-2024-32002 - git", + "vulnerability_id": "CVE-2024-32002", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32004": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", + "status": "ACTIVE", + "title": "CVE-2024-32004 - git", + "vulnerability_id": "CVE-2024-32004", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32020": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "status": "ACTIVE", + "title": "CVE-2024-32020 - git", + "vulnerability_id": "CVE-2024-32020", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32021": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "status": "ACTIVE", + "title": "CVE-2024-32021 - git", + "vulnerability_id": "CVE-2024-32021", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32465": { + "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "status": "ACTIVE", + "title": "CVE-2024-32465 - git", + "vulnerability_id": "CVE-2024-32465", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-34997": { + "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", + "status": "ACTIVE", + "title": "CVE-2024-34997 - joblib", + "vulnerability_id": "CVE-2024-34997", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", + "name": "joblib", + "packageManager": "PYTHONPKG", + "version": "1.4.2" + } + ] + }, + "CVE-2024-35195": { + "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "status": "ACTIVE", + "title": "CVE-2024-35195 - requests", + "vulnerability_id": "CVE-2024-35195", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", + "name": "requests", + "packageManager": "PYTHONPKG", + "version": "2.31.0" + } + ] + }, + "CVE-2024-3651": { + "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "status": "ACTIVE", + "title": "CVE-2024-3651 - python3-idna, python-idna", + "vulnerability_id": "CVE-2024-3651", + "vulnerable_packages": [ + { + "arch": "ALL", + "epoch": 0, + "name": "python3-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + }, + { + "arch": "ALL", + "epoch": 0, + "name": "python-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + } + ] + }, + "CVE-2024-4603": { + "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "status": "ACTIVE", + "title": "CVE-2024-4603 - cryptography", + "vulnerability_id": "CVE-2024-4603", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.7" + } + ] } } diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx index 026c694..611c8a1 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx @@ -5,13 +5,13 @@ LABEL maintainer="Amazon AI" LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers -ARG NEURONX_DISTRIBUTED_VERSION=0.8.0 -ARG NEURONX_CC_VERSION=2.14.227.0 -ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.2.0 -ARG NEURONX_TRANSFORMERS_VERSION=0.11.351 -ARG NEURONX_COLLECTIVES_LIB_VERSION=2.21.46.0-69b77134b -ARG NEURONX_RUNTIME_LIB_VERSION=2.21.41.0-fb1705f5f -ARG NEURONX_TOOLS_VERSION=2.18.3.0 +ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 +ARG NEURONX_CC_VERSION=2.15.128.0 +ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.0 +ARG NEURONX_TRANSFORMERS_VERSION=0.12.313 +ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 +ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b +ARG NEURONX_TOOLS_VERSION=2.19.0.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json index 13a6b82..eedd7fb 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json @@ -1,6 +1,6 @@ { - "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "CVE-2023-6237": { + "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable", "remediation": { "recommendation": { "text": "None Provided" @@ -10,10 +10,10 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", "status": "ACTIVE", - "title": "CVE-2024-2511 - pyOpenSSL, cryptography", - "vulnerability_id": "CVE-2024-2511", + "title": "CVE-2023-6237 - pyOpenSSL", + "vulnerability_id": "CVE-2023-6237", "vulnerable_packages": [ { "epoch": 0, @@ -21,13 +21,31 @@ "name": "pyOpenSSL", "packageManager": "PYTHONPKG", "version": "24.0.0" - }, + } + ] + }, + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "CLOSED", + "title": "CVE-2024-2511 - pyOpenSSL", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", - "name": "cryptography", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "42.0.5" + "version": "24.0.0" } ] }, @@ -80,5 +98,244 @@ "version": "2.1.2" } ] + }, + "CVE-2024-32002": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", + "status": "ACTIVE", + "title": "CVE-2024-32002 - git", + "vulnerability_id": "CVE-2024-32002", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32004": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", + "status": "ACTIVE", + "title": "CVE-2024-32004 - git", + "vulnerability_id": "CVE-2024-32004", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32020": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "status": "ACTIVE", + "title": "CVE-2024-32020 - git", + "vulnerability_id": "CVE-2024-32020", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32021": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "status": "ACTIVE", + "title": "CVE-2024-32021 - git", + "vulnerability_id": "CVE-2024-32021", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32465": { + "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "status": "ACTIVE", + "title": "CVE-2024-32465 - git", + "vulnerability_id": "CVE-2024-32465", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-34997": { + "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", + "status": "ACTIVE", + "title": "CVE-2024-34997 - joblib", + "vulnerability_id": "CVE-2024-34997", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", + "name": "joblib", + "packageManager": "PYTHONPKG", + "version": "1.4.2" + } + ] + }, + "CVE-2024-35195": { + "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "status": "ACTIVE", + "title": "CVE-2024-35195 - requests", + "vulnerability_id": "CVE-2024-35195", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", + "name": "requests", + "packageManager": "PYTHONPKG", + "version": "2.31.0" + } + ] + }, + "CVE-2024-3651": { + "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "status": "ACTIVE", + "title": "CVE-2024-3651 - python-idna, python3-idna", + "vulnerability_id": "CVE-2024-3651", + "vulnerable_packages": [ + { + "arch": "ALL", + "epoch": 0, + "name": "python-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + }, + { + "arch": "ALL", + "epoch": 0, + "name": "python3-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + } + ] + }, + "CVE-2024-4603": { + "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "status": "ACTIVE", + "title": "CVE-2024-4603 - cryptography", + "vulnerability_id": "CVE-2024-4603", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.7" + } + ] } } diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx b/docker/pytorch/training/1.13.1/Dockerfile.neuronx index c015246..11ca60e 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx @@ -4,12 +4,13 @@ LABEL maintainer="Amazon AI" LABEL dlc_major_version="1" # Neuron SDK components version numbers -ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.15.0 -ARG NEURONX_DISTRIBUTED_VERSION=0.8.0 -ARG NEURONX_CC_VERSION=2.14.227.0 -ARG NEURONX_COLLECTIVES_LIB_VERSION=2.21.46.0-69b77134b -ARG NEURONX_RUNTIME_LIB_VERSION=2.21.41.0-fb1705f5f -ARG NEURONX_TOOLS_VERSION=2.18.3.0 +ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0 +ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 +ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0 +ARG NEURONX_CC_VERSION=2.15.128.0 +ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 +ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b +ARG NEURONX_TOOLS_VERSION=2.19.0.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 @@ -142,7 +143,8 @@ RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pk RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall torch-neuronx==$NEURONX_FRAMEWORK_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ +&& ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com # attrs, neuronx-cc required: >=19.2.0, sagemaker <24,>=23.1.0 # protobuf neuronx-cc<4, sagemaker-training >=3.9.2,<=3.20.3 diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json index 68bae57..ee29b8c 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json @@ -1,6 +1,6 @@ { - "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "CVE-2024-31580": { + "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "remediation": { "recommendation": { "text": "None Provided" @@ -10,22 +10,22 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", "status": "ACTIVE", - "title": "CVE-2024-2511 - cryptography", - "vulnerability_id": "CVE-2024-2511", + "title": "CVE-2024-31580 - torch", + "vulnerability_id": "CVE-2024-31580", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", - "name": "cryptography", + "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", + "name": "torch", "packageManager": "PYTHONPKG", - "version": "42.0.5" + "version": "1.13.1" } ] }, - "CVE-2024-31580": { - "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "CVE-2024-31583": { + "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", "remediation": { "recommendation": { "text": "None Provided" @@ -35,10 +35,10 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", "status": "ACTIVE", - "title": "CVE-2024-31580 - torch", - "vulnerability_id": "CVE-2024-31580", + "title": "CVE-2024-31583 - torch", + "vulnerability_id": "CVE-2024-31583", "vulnerable_packages": [ { "epoch": 0, @@ -49,8 +49,138 @@ } ] }, - "CVE-2024-31583": { - "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", + "CVE-2024-32002": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", + "status": "ACTIVE", + "title": "CVE-2024-32002 - git", + "vulnerability_id": "CVE-2024-32002", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32004": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", + "status": "ACTIVE", + "title": "CVE-2024-32004 - git", + "vulnerability_id": "CVE-2024-32004", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32020": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "status": "ACTIVE", + "title": "CVE-2024-32020 - git", + "vulnerability_id": "CVE-2024-32020", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32021": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "status": "ACTIVE", + "title": "CVE-2024-32021 - git", + "vulnerability_id": "CVE-2024-32021", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32465": { + "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "status": "ACTIVE", + "title": "CVE-2024-32465 - git", + "vulnerability_id": "CVE-2024-32465", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-34072": { + "description": "sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources.", "remediation": { "recommendation": { "text": "None Provided" @@ -60,17 +190,92 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34072", "status": "ACTIVE", - "title": "CVE-2024-31583 - torch", - "vulnerability_id": "CVE-2024-31583", + "title": "CVE-2024-34072 - sagemaker", + "vulnerability_id": "CVE-2024-34072", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", - "name": "torch", + "filePath": "usr/local/lib/python3.10/site-packages/sagemaker-2.183.0.dist-info/METADATA", + "name": "sagemaker", "packageManager": "PYTHONPKG", - "version": "1.13.1" + "version": "2.183.0" + } + ] + }, + "CVE-2024-34073": { + "description": "sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the \u201crequirements_path\u201d parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the \u201crequirements_path\u201d parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34073", + "status": "ACTIVE", + "title": "CVE-2024-34073 - sagemaker", + "vulnerability_id": "CVE-2024-34073", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/sagemaker-2.183.0.dist-info/METADATA", + "name": "sagemaker", + "packageManager": "PYTHONPKG", + "version": "2.183.0" + } + ] + }, + "CVE-2024-34997": { + "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", + "status": "ACTIVE", + "title": "CVE-2024-34997 - joblib", + "vulnerability_id": "CVE-2024-34997", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", + "name": "joblib", + "packageManager": "PYTHONPKG", + "version": "1.4.2" + } + ] + }, + "CVE-2024-35195": { + "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "status": "ACTIVE", + "title": "CVE-2024-35195 - requests", + "vulnerability_id": "CVE-2024-35195", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", + "name": "requests", + "packageManager": "PYTHONPKG", + "version": "2.31.0" } ] }, @@ -99,36 +304,62 @@ } ] }, - "SNYK-PYTHON-TRANSFORMERS-6220003": { - "description": "## Overview\n[transformers](https://pypi.org/project/transformers) is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow\n\nAffected versions of this package are vulnerable to Command Injection via the `subprocess.Popen` calls. This could potentially allow for the execution of arbitrary code.\r\n\r\n\r\n**Note:**\r\nIt appears that while this issue is generally not critical for the library's primary use cases, it can become more significant in specific production environments. \r\nParticularly in scenarios where the library interacts with user-generated input, such as in web application backends, desktop applications, and cloud-based ML services, the risk of arbitrary code execution increases.\n## Remediation\nUpgrade `transformers` to version 4.37.0 or higher.\n## References\n- [Additional Information](https://bandit.readthedocs.io/en/1.7.6/plugins/b602_subprocess_popen_with_shell_equals_true.html)\n- [GitHub Commit](https://github.com/huggingface/transformers/commit/2272ab57a99bcac972b5252b87c31e24d0b25538)\n", + "CVE-2024-3651": { + "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 6.5, - "score_details": { - "cvss": { - "adjustments": [], - "score": 6.5, - "scoreSource": "SNYK", - "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "version": "3.1" + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "status": "ACTIVE", + "title": "CVE-2024-3651 - python-idna, python3-idna", + "vulnerability_id": "CVE-2024-3651", + "vulnerable_packages": [ + { + "arch": "ALL", + "epoch": 0, + "name": "python-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + }, + { + "arch": "ALL", + "epoch": 0, + "name": "python3-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + } + ] + }, + "CVE-2024-4603": { + "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "remediation": { + "recommendation": { + "text": "None Provided" } }, - "severity": "MEDIUM", - "source": "SNYK", - "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003", + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", "status": "ACTIVE", - "title": "IN1-PYTHON-TRANSFORMERS-6220003 - transformers", - "vulnerability_id": "SNYK-PYTHON-TRANSFORMERS-6220003", + "title": "CVE-2024-4603 - cryptography", + "vulnerability_id": "CVE-2024-4603", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", - "name": "transformers", + "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", + "name": "cryptography", "packageManager": "PYTHONPKG", - "version": "4.36.2" + "version": "42.0.7" } ] } diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx b/docker/pytorch/training/2.1.2/Dockerfile.neuronx index 11a874a..10918c5 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx @@ -4,12 +4,13 @@ LABEL maintainer="Amazon AI" LABEL dlc_major_version="1" # Neuron SDK components version numbers -ARG NEURONX_DISTRIBUTED_VERSION=0.8.0 -ARG NEURONX_CC_VERSION=2.14.227.0 -ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.2.0 -ARG NEURONX_COLLECTIVES_LIB_VERSION=2.21.46.0-69b77134b -ARG NEURONX_RUNTIME_LIB_VERSION=2.21.41.0-fb1705f5f -ARG NEURONX_TOOLS_VERSION=2.18.3.0 +ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 +ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0 +ARG NEURONX_CC_VERSION=2.15.128.0 +ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.0 +ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 +ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b +ARG NEURONX_TOOLS_VERSION=2.19.0.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 @@ -142,7 +143,8 @@ RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pk RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall torch-neuronx==$NEURONX_FRAMEWORK_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ + && ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com # attrs, neuronx-cc required: >=19.2.0, sagemaker <24,>=23.1.0 # protobuf neuronx-cc<4, sagemaker-training >=3.9.2,<=3.20.3 diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json index 95a83f5..31cfb23 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json @@ -1,6 +1,6 @@ { - "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "CVE-2024-31580": { + "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "remediation": { "recommendation": { "text": "None Provided" @@ -10,22 +10,22 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", "status": "ACTIVE", - "title": "CVE-2024-2511 - cryptography", - "vulnerability_id": "CVE-2024-2511", + "title": "CVE-2024-31580 - torch", + "vulnerability_id": "CVE-2024-31580", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", - "name": "cryptography", + "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", + "name": "torch", "packageManager": "PYTHONPKG", - "version": "42.0.5" + "version": "2.1.2" } ] }, - "CVE-2024-31580": { - "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "CVE-2024-31583": { + "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", "remediation": { "recommendation": { "text": "None Provided" @@ -35,10 +35,10 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", "status": "ACTIVE", - "title": "CVE-2024-31580 - torch", - "vulnerability_id": "CVE-2024-31580", + "title": "CVE-2024-31583 - torch", + "vulnerability_id": "CVE-2024-31583", "vulnerable_packages": [ { "epoch": 0, @@ -49,8 +49,138 @@ } ] }, - "CVE-2024-31583": { - "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", + "CVE-2024-32002": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", + "status": "ACTIVE", + "title": "CVE-2024-32002 - git", + "vulnerability_id": "CVE-2024-32002", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32004": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", + "status": "ACTIVE", + "title": "CVE-2024-32004 - git", + "vulnerability_id": "CVE-2024-32004", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32020": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "status": "ACTIVE", + "title": "CVE-2024-32020 - git", + "vulnerability_id": "CVE-2024-32020", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32021": { + "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "status": "ACTIVE", + "title": "CVE-2024-32021 - git", + "vulnerability_id": "CVE-2024-32021", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-32465": { + "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "status": "ACTIVE", + "title": "CVE-2024-32465 - git", + "vulnerability_id": "CVE-2024-32465", + "vulnerable_packages": [ + { + "arch": "AMD64", + "epoch": 1, + "name": "git", + "packageManager": "OS", + "release": "1ubuntu3.11", + "version": "2.25.1" + } + ] + }, + "CVE-2024-34072": { + "description": "sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources.", "remediation": { "recommendation": { "text": "None Provided" @@ -60,17 +190,92 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34072", "status": "ACTIVE", - "title": "CVE-2024-31583 - torch", - "vulnerability_id": "CVE-2024-31583", + "title": "CVE-2024-34072 - sagemaker", + "vulnerability_id": "CVE-2024-34072", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", - "name": "torch", + "filePath": "usr/local/lib/python3.10/site-packages/sagemaker-2.183.0.dist-info/METADATA", + "name": "sagemaker", "packageManager": "PYTHONPKG", - "version": "2.1.2" + "version": "2.183.0" + } + ] + }, + "CVE-2024-34073": { + "description": "sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the \u201crequirements_path\u201d parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the \u201crequirements_path\u201d parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34073", + "status": "ACTIVE", + "title": "CVE-2024-34073 - sagemaker", + "vulnerability_id": "CVE-2024-34073", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/sagemaker-2.183.0.dist-info/METADATA", + "name": "sagemaker", + "packageManager": "PYTHONPKG", + "version": "2.183.0" + } + ] + }, + "CVE-2024-34997": { + "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", + "status": "ACTIVE", + "title": "CVE-2024-34997 - joblib", + "vulnerability_id": "CVE-2024-34997", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", + "name": "joblib", + "packageManager": "PYTHONPKG", + "version": "1.4.2" + } + ] + }, + "CVE-2024-35195": { + "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "status": "ACTIVE", + "title": "CVE-2024-35195 - requests", + "vulnerability_id": "CVE-2024-35195", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", + "name": "requests", + "packageManager": "PYTHONPKG", + "version": "2.31.0" } ] }, @@ -99,36 +304,62 @@ } ] }, - "SNYK-PYTHON-TRANSFORMERS-6220003": { - "description": "## Overview\n[transformers](https://pypi.org/project/transformers) is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow\n\nAffected versions of this package are vulnerable to Command Injection via the `subprocess.Popen` calls. This could potentially allow for the execution of arbitrary code.\r\n\r\n\r\n**Note:**\r\nIt appears that while this issue is generally not critical for the library's primary use cases, it can become more significant in specific production environments. \r\nParticularly in scenarios where the library interacts with user-generated input, such as in web application backends, desktop applications, and cloud-based ML services, the risk of arbitrary code execution increases.\n## Remediation\nUpgrade `transformers` to version 4.37.0 or higher.\n## References\n- [Additional Information](https://bandit.readthedocs.io/en/1.7.6/plugins/b602_subprocess_popen_with_shell_equals_true.html)\n- [GitHub Commit](https://github.com/huggingface/transformers/commit/2272ab57a99bcac972b5252b87c31e24d0b25538)\n", + "CVE-2024-3651": { + "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 6.5, - "score_details": { - "cvss": { - "adjustments": [], - "score": 6.5, - "scoreSource": "SNYK", - "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "version": "3.1" + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "UBUNTU_CVE", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "status": "ACTIVE", + "title": "CVE-2024-3651 - python3-idna, python-idna", + "vulnerability_id": "CVE-2024-3651", + "vulnerable_packages": [ + { + "arch": "ALL", + "epoch": 0, + "name": "python3-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + }, + { + "arch": "ALL", + "epoch": 0, + "name": "python-idna", + "packageManager": "OS", + "release": "1", + "version": "2.8" + } + ] + }, + "CVE-2024-4603": { + "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "remediation": { + "recommendation": { + "text": "None Provided" } }, - "severity": "MEDIUM", - "source": "SNYK", - "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003", + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", "status": "ACTIVE", - "title": "IN1-PYTHON-TRANSFORMERS-6220003 - transformers", - "vulnerability_id": "SNYK-PYTHON-TRANSFORMERS-6220003", + "title": "CVE-2024-4603 - cryptography", + "vulnerability_id": "CVE-2024-4603", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", - "name": "transformers", + "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", + "name": "cryptography", "packageManager": "PYTHONPKG", - "version": "4.36.2" + "version": "42.0.7" } ] }