From 30375bfaef19e433a2ef086abdb14ebdc6f896a6 Mon Sep 17 00:00:00 2001 From: Ziwen Ning Date: Fri, 12 Apr 2024 22:36:48 -0700 Subject: [PATCH] Add Dockerfiles for Neuron DLC with SDK 2.18.1 (#12) *Description of changes:* Add Dockerfiles for Neuron DLC with SDK 2.18.1 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. Signed-off-by: Ziwen Ning --- .../inference/1.13.1/Dockerfile.neuron | 2 +- .../Dockerfile.neuron.cve_allowlist.json | 90 +++++++++++++++++++ .../inference/1.13.1/Dockerfile.neuronx | 6 +- .../Dockerfile.neuronx.cve_allowlist.json | 90 +++++++++++++++++++ .../inference/2.1.2/Dockerfile.neuronx | 6 +- .../Dockerfile.neuronx.cve_allowlist.json | 90 +++++++++++++++++++ .../training/1.13.1/Dockerfile.neuronx | 3 +- .../Dockerfile.neuronx.cve_allowlist.json | 50 +++++++++++ .../pytorch/training/2.1.2/Dockerfile.neuronx | 3 +- .../Dockerfile.neuronx.cve_allowlist.json | 50 +++++++++++ 10 files changed, 381 insertions(+), 9 deletions(-) diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron b/docker/pytorch/inference/1.13.1/Dockerfile.neuron index bc9d6c8..8a1089c 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron @@ -11,7 +11,7 @@ ARG NEURONX_TOOLS_VERSION=2.17.1.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 -ARG TORCHSERVE_VERSION=0.9.0 +ARG TORCHSERVE_VERSION=0.10.0 ARG SM_TOOLKIT_VERSION=2.0.21 ARG MAMBA_VERSION=23.1.0-4 diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json index 2c63c08..2ba4511 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json @@ -1,2 +1,92 @@ { + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "ACTIVE", + "title": "CVE-2024-2511 - pyOpenSSL, cryptography", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", + "packageManager": "PYTHONPKG", + "version": "24.0.0" + }, + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.5" + } + ] + }, + "GHSA-jjg7-2v4v-x38h": { + "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "GITHUB", + "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h", + "status": "ACTIVE", + "title": "GHSA-jjg7-2v4v-x38h - idna", + "vulnerability_id": "GHSA-jjg7-2v4v-x38h", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + }, + "SNYK-PYTHON-IDNA-6597975": { + "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 6.2, + "score_details": { + "cvss": { + "adjustments": [], + "score": 6.2, + "scoreSource": "SNYK", + "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "severity": "MEDIUM", + "source": "SNYK", + "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975", + "status": "ACTIVE", + "title": "IN1-PYTHON-IDNA-6597975 - idna", + "vulnerability_id": "SNYK-PYTHON-IDNA-6597975", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + } } diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx index 1e80e33..f635cea 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx @@ -7,15 +7,15 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0 ARG NEURONX_DISTRIBUTED_VERSION=0.7.0 -ARG NEURONX_CC_VERSION=2.13.66.0 -ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.21 +ARG NEURONX_CC_VERSION=2.13.68.0 +ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425 ARG NEURONX_TOOLS_VERSION=2.17.1.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 -ARG TORCHSERVE_VERSION=0.9.0 +ARG TORCHSERVE_VERSION=0.10.0 ARG SM_TOOLKIT_VERSION=2.0.21 ARG MAMBA_VERSION=23.1.0-4 diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json index 2c63c08..2ba4511 100644 --- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json @@ -1,2 +1,92 @@ { + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "ACTIVE", + "title": "CVE-2024-2511 - pyOpenSSL, cryptography", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", + "packageManager": "PYTHONPKG", + "version": "24.0.0" + }, + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.5" + } + ] + }, + "GHSA-jjg7-2v4v-x38h": { + "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "GITHUB", + "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h", + "status": "ACTIVE", + "title": "GHSA-jjg7-2v4v-x38h - idna", + "vulnerability_id": "GHSA-jjg7-2v4v-x38h", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + }, + "SNYK-PYTHON-IDNA-6597975": { + "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 6.2, + "score_details": { + "cvss": { + "adjustments": [], + "score": 6.2, + "scoreSource": "SNYK", + "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "severity": "MEDIUM", + "source": "SNYK", + "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975", + "status": "ACTIVE", + "title": "IN1-PYTHON-IDNA-6597975 - idna", + "vulnerability_id": "SNYK-PYTHON-IDNA-6597975", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + } } diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx index 50cc53f..c291bb4 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx @@ -6,16 +6,16 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers ARG NEURONX_DISTRIBUTED_VERSION=0.7.0 -ARG NEURONX_CC_VERSION=2.13.66.0 +ARG NEURONX_CC_VERSION=2.13.68.0 ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.1.0 -ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.21 +ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425 ARG NEURONX_TOOLS_VERSION=2.17.1.0 ARG PYTHON=python3.10 ARG PYTHON_VERSION=3.10.12 -ARG TORCHSERVE_VERSION=0.9.0 +ARG TORCHSERVE_VERSION=0.10.0 ARG SM_TOOLKIT_VERSION=2.0.21 ARG MAMBA_VERSION=23.1.0-4 diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json index 2c63c08..feb5473 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json @@ -1,2 +1,92 @@ { + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "ACTIVE", + "title": "CVE-2024-2511 - cryptography, pyOpenSSL", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.5" + }, + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "name": "pyOpenSSL", + "packageManager": "PYTHONPKG", + "version": "24.0.0" + } + ] + }, + "GHSA-jjg7-2v4v-x38h": { + "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "MEDIUM", + "source": "GITHUB", + "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h", + "status": "ACTIVE", + "title": "GHSA-jjg7-2v4v-x38h - idna", + "vulnerability_id": "GHSA-jjg7-2v4v-x38h", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + }, + "SNYK-PYTHON-IDNA-6597975": { + "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 6.2, + "score_details": { + "cvss": { + "adjustments": [], + "score": 6.2, + "scoreSource": "SNYK", + "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "severity": "MEDIUM", + "source": "SNYK", + "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975", + "status": "ACTIVE", + "title": "IN1-PYTHON-IDNA-6597975 - idna", + "vulnerability_id": "SNYK-PYTHON-IDNA-6597975", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA", + "name": "idna", + "packageManager": "PYTHONPKG", + "version": "3.6" + } + ] + } } diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx b/docker/pytorch/training/1.13.1/Dockerfile.neuronx index 914f094..34ec682 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx @@ -6,7 +6,7 @@ LABEL dlc_major_version="1" # Neuron SDK components version numbers ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0 ARG NEURONX_DISTRIBUTED_VERSION=0.7.0 -ARG NEURONX_CC_VERSION=2.13.66.0 +ARG NEURONX_CC_VERSION=2.13.68.0 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425 ARG NEURONX_TOOLS_VERSION=2.17.1.0 @@ -66,6 +66,7 @@ RUN apt-get update \ libgdbm-dev \ libc6-dev \ libbz2-dev \ + libncurses-dev \ tk-dev \ libffi-dev \ libcap-dev \ diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json index e527d31..6e64086 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json @@ -1,4 +1,54 @@ { + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "ACTIVE", + "title": "CVE-2024-2511 - cryptography", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.5" + } + ] + }, + "CVE-2024-3568": { + "description": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3568", + "status": "ACTIVE", + "title": "CVE-2024-3568 - transformers", + "vulnerability_id": "CVE-2024-3568", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", + "name": "transformers", + "packageManager": "PYTHONPKG", + "version": "4.36.2" + } + ] + }, "SNYK-PYTHON-TRANSFORMERS-6220003": { "description": "## Overview\n[transformers](https://pypi.org/project/transformers) is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow\n\nAffected versions of this package are vulnerable to Command Injection via the `subprocess.Popen` calls. This could potentially allow for the execution of arbitrary code.\r\n\r\n\r\n**Note:**\r\nIt appears that while this issue is generally not critical for the library's primary use cases, it can become more significant in specific production environments. \r\nParticularly in scenarios where the library interacts with user-generated input, such as in web application backends, desktop applications, and cloud-based ML services, the risk of arbitrary code execution increases.\n## Remediation\nUpgrade `transformers` to version 4.37.0 or higher.\n## References\n- [Additional Information](https://bandit.readthedocs.io/en/1.7.6/plugins/b602_subprocess_popen_with_shell_equals_true.html)\n- [GitHub Commit](https://github.com/huggingface/transformers/commit/2272ab57a99bcac972b5252b87c31e24d0b25538)\n", "remediation": { diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx b/docker/pytorch/training/2.1.2/Dockerfile.neuronx index 2287420..0fd9fff 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx @@ -5,7 +5,7 @@ LABEL dlc_major_version="1" # Neuron SDK components version numbers ARG NEURONX_DISTRIBUTED_VERSION=0.7.0 -ARG NEURONX_CC_VERSION=2.13.66.0 +ARG NEURONX_CC_VERSION=2.13.68.0 ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.1.0 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425 @@ -66,6 +66,7 @@ RUN apt-get update \ libgdbm-dev \ libc6-dev \ libbz2-dev \ + libncurses-dev \ tk-dev \ libffi-dev \ libcap-dev \ diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json index e527d31..6e64086 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json @@ -1,4 +1,54 @@ { + "CVE-2024-2511": { + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this ", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "status": "ACTIVE", + "title": "CVE-2024-2511 - cryptography", + "vulnerability_id": "CVE-2024-2511", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA", + "name": "cryptography", + "packageManager": "PYTHONPKG", + "version": "42.0.5" + } + ] + }, + "CVE-2024-3568": { + "description": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.", + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "score": 0.0, + "score_details": {}, + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3568", + "status": "ACTIVE", + "title": "CVE-2024-3568 - transformers", + "vulnerability_id": "CVE-2024-3568", + "vulnerable_packages": [ + { + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", + "name": "transformers", + "packageManager": "PYTHONPKG", + "version": "4.36.2" + } + ] + }, "SNYK-PYTHON-TRANSFORMERS-6220003": { "description": "## Overview\n[transformers](https://pypi.org/project/transformers) is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow\n\nAffected versions of this package are vulnerable to Command Injection via the `subprocess.Popen` calls. This could potentially allow for the execution of arbitrary code.\r\n\r\n\r\n**Note:**\r\nIt appears that while this issue is generally not critical for the library's primary use cases, it can become more significant in specific production environments. \r\nParticularly in scenarios where the library interacts with user-generated input, such as in web application backends, desktop applications, and cloud-based ML services, the risk of arbitrary code execution increases.\n## Remediation\nUpgrade `transformers` to version 4.37.0 or higher.\n## References\n- [Additional Information](https://bandit.readthedocs.io/en/1.7.6/plugins/b602_subprocess_popen_with_shell_equals_true.html)\n- [GitHub Commit](https://github.com/huggingface/transformers/commit/2272ab57a99bcac972b5252b87c31e24d0b25538)\n", "remediation": {