From 1066b48b59fe3d3f21e6db822c00903240ed126c Mon Sep 17 00:00:00 2001 From: Fu Qiao <166165420+phooq@users.noreply.github.com> Date: Wed, 30 Oct 2024 15:01:20 -0700 Subject: [PATCH] Add Dockerfiles for Neuron DLC with SDK 2.20.1 (#24) *Issue #, if available:* *Description of changes:* Add Dockerfiles for Neuron DLC with SDK 2.20.1 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --------- Co-authored-by: Fu Qiao --- .../inference/1.13.1/Dockerfile.neuron | 1 + .../Dockerfile.neuron.cve_allowlist.json | 256 ++------------ .../inference/1.13.1/Dockerfile.neuronx | 3 +- .../Dockerfile.neuronx.cve_allowlist.json | 237 ++----------- .../inference/2.1.2/Dockerfile.neuronx | 5 +- .../Dockerfile.neuronx.cve_allowlist.json | 237 ++----------- .../training/1.13.1/Dockerfile.neuronx | 33 +- .../Dockerfile.neuronx.cve_allowlist.json | 330 +++++++----------- .../pytorch/training/2.1.2/Dockerfile.neuronx | 36 +- .../Dockerfile.neuronx.cve_allowlist.json | 330 +++++++----------- docker/pytorch/training/common/apex_setup.py | 20 ++ 11 files changed, 404 insertions(+), 1084 deletions(-) create mode 100644 docker/pytorch/training/common/apex_setup.py
diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron b/docker/pytorch/inference/1.13.1/Dockerfile.neuron
index 83a23cd..7df1b61 100644
--- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron
+++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron
@@ -47,6 +47,7 @@ RUN apt-get update \
 unzip \
 zlib1g-dev \
 libcap-dev \
+ gnupg2 \
 gpg-agent \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /tmp/tmp* \
diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json
index 3b500b1..f9abeb3 100644
--- a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json
+++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json
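Review bot: The added `gnupg2 \` line in Dockerfile.neuron goes into the image's permanent apt install list with nothing recording why it is needed, next to the `gpg-agent` entry that was already there. If it is only used during the build to import a repository signing key (inferred from the package name, not visible in this hunk), it could be purged in the same layer once the key is imported so the runtime inference image does not carry it; otherwise a comment above the RUN such as `# gnupg2: required at runtime for <reason>` would record the intent. The same line is added to Dockerfile.neuronx at `@@ -51,6 +51,7 @@`. The RUN instruction starts and ends outside the hunk.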
@@ -1,31 +1,6 @@ { - "CVE-2023-6237": { - "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. 
For that reason that application is also vulnerable", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", - "status": "ACTIVE", - "title": "CVE-2023-6237 - pyOpenSSL", - "vulnerability_id": "CVE-2023-6237", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", - "name": "pyOpenSSL", - "packageManager": "PYTHONPKG", - "version": "24.0.0" - } - ] - }, "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
OpenSSL\n1.0.2 is also not affected by this ", + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this ", "remediation": { "recommendation": { "text": "None Provided" @@ -36,16 +11,16 @@ "severity": "UNTRIAGED", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", - "status": "CLOSED", + "status": "ACTIVE", "title": "CVE-2024-2511 - pyOpenSSL", "vulnerability_id": "CVE-2024-2511", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.2.1.dist-info/METADATA", "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "24.0.0" + "version": "24.2.1" } ] }, 
@@ -99,163 +74,8 @@ } ] }, - "CVE-2024-32002": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", - "status": "ACTIVE", - "title": "CVE-2024-32002 - git", - "vulnerability_id": "CVE-2024-32002", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32004": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", - "status": "ACTIVE", - "title": "CVE-2024-32004 - git", - "vulnerability_id": "CVE-2024-32004", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32020": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", - "status": "ACTIVE", - "title": "CVE-2024-32020 - git", - "vulnerability_id": "CVE-2024-32020", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32021": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. 
If the object on the filesystem appears as a ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", - "status": "ACTIVE", - "title": "CVE-2024-32021 - git", - "vulnerability_id": "CVE-2024-32021", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32465": { - "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", - "status": "ACTIVE", - "title": "CVE-2024-32465 - git", - "vulnerability_id": "CVE-2024-32465", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-34997": { - "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", - "status": "ACTIVE", - "title": "CVE-2024-34997 - joblib", - "vulnerability_id": "CVE-2024-34997", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", - "name": "joblib", - "packageManager": "PYTHONPKG", - "version": "1.4.2" - } - ] - }, - "CVE-2024-35195": { - "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", + "CVE-2024-37891": { + "description": "urllib3 is a user-friendly HTTP client library for Python. 
When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achiev", "remediation": { "recommendation": { "text": "None Provided" 
@@ -265,56 +85,22 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37891", "status": "ACTIVE", - "title": "CVE-2024-35195 - requests", - "vulnerability_id": "CVE-2024-35195", + "title": "CVE-2024-37891 - urllib3", + "vulnerability_id": "CVE-2024-37891", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", - "name": "requests", + "filePath": "opt/conda/lib/python3.10/site-packages/urllib3-2.0.7.dist-info/METADATA", + "name": "urllib3", "packageManager": "PYTHONPKG", - "version": "2.31.0" - } - ] - }, - "CVE-2024-3651": { - "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", - "status": "ACTIVE", - "title": "CVE-2024-3651 - python-idna, python3-idna", - "vulnerability_id": "CVE-2024-3651", - "vulnerable_packages": [ - { - "arch": "ALL", - "epoch": 0, - "name": "python-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" - }, - { - "arch": "ALL", - "epoch": 0, - "name": "python3-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "version": "2.0.7" } ] }, - "CVE-2024-4603": { - "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. 
Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "CVE-2024-6345": { + "description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "remediation": { "recommendation": { "text": "None Provided" 
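Review bot: The new `CVE-2024-6345` entry allowlists a setuptools finding whose own description, in this hunk, says the issue is fixed in version 70.0, while the next hunk (`@@ -324,18 +110,18 @@`) records the installed package as `"version": "69.5.1"`. Allowlisting a remote-code-execution finding that already has a fixed release hides it from later scans. Unless something in the image pins setuptools below 70, upgrading it in the Dockerfile, for example `pip install --no-cache-dir --upgrade "setuptools>=70.0"`, and dropping this entry would be the safer change. The `CVE-2024-37891` urllib3 entry completed at the top of this hunk, and the one added to Dockerfile.neuronx.cve_allowlist.json at `@@ -279,8 +99,8 @@`, deserve the same check, since the quoted description suggests upstream now strips the header. The entry's JSON object continues outside this hunk.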
@@ -324,18 +110,18 @@
 "score_details": {},
 "severity": "UNTRIAGED",
 "source": "NVD",
- "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603",
+ "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
 "status": "ACTIVE",
- "title": "CVE-2024-4603 - cryptography",
- "vulnerability_id": "CVE-2024-4603",
+ "title": "CVE-2024-6345 - setuptools",
+ "vulnerability_id": "CVE-2024-6345",
 "vulnerable_packages": [
 {
 "epoch": 0,
- "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA",
- "name": "cryptography",
+ "filePath": "opt/conda/lib/python3.10/site-packages/setuptools-69.5.1.dist-info/METADATA",
+ "name": "setuptools",
 "packageManager": "PYTHONPKG",
- "version": "42.0.7"
+ "version": "69.5.1"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx
index b1d03ce..1a2a3f4 100644
--- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx
+++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx
@@ -7,7 +7,7 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 # Neuron SDK components version numbers
 ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0
 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
-ARG NEURONX_CC_VERSION=2.15.128.0
+ARG NEURONX_CC_VERSION=2.15.141.0
 ARG NEURONX_TRANSFORMERS_VERSION=0.12.313
 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
 ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
@@ -51,6 +51,7 @@ RUN apt-get update \
 unzip \
 zlib1g-dev \
 libcap-dev \
+ gnupg2 \
 gpg-agent \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /tmp/tmp* \
diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json
index 62e3f04..0d9dfa2 100644
--- a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json
+++ b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json
@@ -1,31 +1,6 @@ { - "CVE-2023-6237": { - "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. 
For that reason that application is also vulnerable", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", - "status": "ACTIVE", - "title": "CVE-2023-6237 - pyOpenSSL", - "vulnerability_id": "CVE-2023-6237", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", - "name": "pyOpenSSL", - "packageManager": "PYTHONPKG", - "version": "24.0.0" - } - ] - }, "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
OpenSSL\n1.0.2 is also not affected by this ", + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this ", "remediation": { "recommendation": { "text": "None Provided" @@ -36,16 +11,16 @@ "severity": "UNTRIAGED", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", - "status": "CLOSED", + "status": "ACTIVE", "title": "CVE-2024-2511 - pyOpenSSL", "vulnerability_id": "CVE-2024-2511", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.2.1.dist-info/METADATA", "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "24.0.0" + "version": "24.2.1" } ] }, 
@@ -99,161 +74,6 @@ } ] }, - "CVE-2024-32002": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", - "status": "ACTIVE", - "title": "CVE-2024-32002 - git", - "vulnerability_id": "CVE-2024-32002", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32004": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", - "status": "ACTIVE", - "title": "CVE-2024-32004 - git", - "vulnerability_id": "CVE-2024-32004", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32020": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", - "status": "ACTIVE", - "title": "CVE-2024-32020 - git", - "vulnerability_id": "CVE-2024-32020", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32021": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. 
If the object on the filesystem appears as a ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", - "status": "ACTIVE", - "title": "CVE-2024-32021 - git", - "vulnerability_id": "CVE-2024-32021", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32465": { - "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", - "status": "ACTIVE", - "title": "CVE-2024-32465 - git", - "vulnerability_id": "CVE-2024-32465", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-34997": { - "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", - "status": "ACTIVE", - "title": "CVE-2024-34997 - joblib", - "vulnerability_id": "CVE-2024-34997", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", - "name": "joblib", - "packageManager": "PYTHONPKG", - "version": "1.4.2" - } - ] - }, "CVE-2024-35195": { "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", "remediation": { 
@@ -279,8 +99,8 @@ } ] }, - "CVE-2024-3651": { - "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "CVE-2024-37891": { + "description": "urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achiev", "remediation": { "recommendation": { "text": "None Provided" 
@@ -288,33 +108,24 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37891", "status": "ACTIVE", - "title": "CVE-2024-3651 - python3-idna, python-idna", - "vulnerability_id": "CVE-2024-3651", + "title": "CVE-2024-37891 - urllib3", + "vulnerability_id": "CVE-2024-37891", "vulnerable_packages": [ { - "arch": "ALL", "epoch": 0, - "name": "python3-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" - }, - { - "arch": "ALL", - "epoch": 0, - "name": "python-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "opt/conda/lib/python3.10/site-packages/urllib3-2.0.7.dist-info/METADATA", + "name": "urllib3", + "packageManager": "PYTHONPKG", + "version": "2.0.7" } ] }, - "CVE-2024-4603": { - "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. 
However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "CVE-2024-6345": { + "description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "remediation": { "recommendation": { "text": "None Provided" @@ -324,18 +135,18 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", "status": "ACTIVE", - "title": "CVE-2024-4603 - cryptography", - "vulnerability_id": "CVE-2024-4603", + "title": "CVE-2024-6345 - setuptools", + "vulnerability_id": "CVE-2024-6345", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", - "name": "cryptography", + "filePath": "opt/conda/lib/python3.10/site-packages/setuptools-69.5.1.dist-info/METADATA", + "name": "setuptools", "packageManager": "PYTHONPKG", - "version": "42.0.7" + "version": "69.5.1" } ] } -} +} \ No newline at end of file diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx index 611c8a1..ac2c421 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx 
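Review bot: The new `CVE-2024-6345` entry allowlists setuptools 69.5.1 even though the entry's own description says the issue is fixed in version 70.0, so the scanner finding is suppressed where an upgrade appears to be available. Unless a Neuron dependency caps setuptools below 70, I would raise the version in the image's pip install step (for example `"setuptools>=70.0"`) and drop this entry. If the pin has to stay, the reason belongs in the PR description, since the JSON cannot carry a comment and `"text": "None Provided"` tells the next reviewer nothing. The same entry is added to the inference/2.1.2 allowlist in its `@@ -324,18 +135,18 @@` hunk.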
@@ -6,8 +6,8 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true # Neuron SDK components version numbers ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 -ARG NEURONX_CC_VERSION=2.15.128.0 -ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.0 +ARG NEURONX_CC_VERSION=2.15.141.0 +ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1 ARG NEURONX_TRANSFORMERS_VERSION=0.12.313 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b @@ -51,6 +51,7 @@ RUN apt-get update \ unzip \ zlib1g-dev \ libcap-dev \ + gnupg2 \ gpg-agent \ && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/tmp* \ diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json index eedd7fb..536c7dc 100644 --- a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json 
@@ -1,31 +1,6 @@ { - "CVE-2023-6237": { - "description": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. 
For that reason that application is also vulnerable", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237", - "status": "ACTIVE", - "title": "CVE-2023-6237 - pyOpenSSL", - "vulnerability_id": "CVE-2023-6237", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", - "name": "pyOpenSSL", - "packageManager": "PYTHONPKG", - "version": "24.0.0" - } - ] - }, "CVE-2024-2511": { - "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
OpenSSL\n1.0.2 is also not affected by this ", + "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this ", "remediation": { "recommendation": { "text": "None Provided" @@ -36,16 +11,16 @@ "severity": "UNTRIAGED", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", - "status": "CLOSED", + "status": "ACTIVE", "title": "CVE-2024-2511 - pyOpenSSL", "vulnerability_id": "CVE-2024-2511", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA", + "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.2.1.dist-info/METADATA", "name": "pyOpenSSL", "packageManager": "PYTHONPKG", - "version": "24.0.0" + "version": "24.2.1" } ] }, 
@@ -99,161 +74,6 @@ } ] }, - "CVE-2024-32002": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", - "status": "ACTIVE", - "title": "CVE-2024-32002 - git", - "vulnerability_id": "CVE-2024-32002", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32004": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", - "status": "ACTIVE", - "title": "CVE-2024-32004 - git", - "vulnerability_id": "CVE-2024-32004", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32020": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", - "status": "ACTIVE", - "title": "CVE-2024-32020 - git", - "vulnerability_id": "CVE-2024-32020", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32021": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. 
If the object on the filesystem appears as a ", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", - "status": "ACTIVE", - "title": "CVE-2024-32021 - git", - "vulnerability_id": "CVE-2024-32021", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32465": { - "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", - "status": "ACTIVE", - "title": "CVE-2024-32465 - git", - "vulnerability_id": "CVE-2024-32465", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-34997": { - "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", - "status": "ACTIVE", - "title": "CVE-2024-34997 - joblib", - "vulnerability_id": "CVE-2024-34997", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", - "name": "joblib", - "packageManager": "PYTHONPKG", - "version": "1.4.2" - } - ] - }, "CVE-2024-35195": { "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", "remediation": { 
@@ -279,8 +99,8 @@ } ] }, - "CVE-2024-3651": { - "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "CVE-2024-37891": { + "description": "urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achiev", "remediation": { "recommendation": { "text": "None Provided" 
@@ -288,33 +108,24 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37891", "status": "ACTIVE", - "title": "CVE-2024-3651 - python-idna, python3-idna", - "vulnerability_id": "CVE-2024-3651", + "title": "CVE-2024-37891 - urllib3", + "vulnerability_id": "CVE-2024-37891", "vulnerable_packages": [ { - "arch": "ALL", "epoch": 0, - "name": "python-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" - }, - { - "arch": "ALL", - "epoch": 0, - "name": "python3-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "opt/conda/lib/python3.10/site-packages/urllib3-2.0.7.dist-info/METADATA", + "name": "urllib3", + "packageManager": "PYTHONPKG", + "version": "2.0.7" } ] }, - "CVE-2024-4603": { - "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. 
However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "CVE-2024-6345": { + "description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "remediation": { "recommendation": { "text": "None Provided" @@ -324,18 +135,18 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", "status": "ACTIVE", - "title": "CVE-2024-4603 - cryptography", - "vulnerability_id": "CVE-2024-4603", + "title": "CVE-2024-6345 - setuptools", + "vulnerability_id": "CVE-2024-6345", "vulnerable_packages": [ { "epoch": 0, - "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", - "name": "cryptography", + "filePath": "opt/conda/lib/python3.10/site-packages/setuptools-69.5.1.dist-info/METADATA", + "name": "setuptools", "packageManager": "PYTHONPKG", - "version": "42.0.7" + "version": "69.5.1" } ] } -} +} \ No newline at end of file diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx b/docker/pytorch/training/1.13.1/Dockerfile.neuronx index 11ca60e..d996cc7 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx 
@@ -7,7 +7,7 @@ LABEL dlc_major_version="1" ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0 -ARG NEURONX_CC_VERSION=2.15.128.0 +ARG NEURONX_CC_VERSION=2.15.141.0 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b ARG NEURONX_TOOLS_VERSION=2.19.0.0 
@@ -142,9 +142,34 @@ RUN ${PIP} install --no-cache-dir -U \ RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall torch-neuronx==$NEURONX_FRAMEWORK_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ -&& ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + +RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + +## Installation for Neuronx Distributed Training framework +# Install Cython +RUN pip install --no-cache-dir Cython + +# Copy the apex_setup.py file +COPY apex_setup.py /root/apex_setup.py + +# Clone and build Apex +RUN git clone https://github.com/NVIDIA/apex.git /root/apex \ + && cd /root/apex \ + && git checkout 23.05 \ + && cp /root/apex_setup.py setup.py \ + && python3 setup.py bdist_wheel + +#Install dependencies from requirements and extras for SageMaker usecase +RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \ + && pip install --no-deps --no-cache-dir --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \ + && pip install --force-reinstall "numba==0.57.1" \ + "multiprocess==0.70.16" \ + "numpy>=1.24.3,<=1.25.2" \ + "dill==0.3.8" + + +RUN ${PIP} install 
--force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com # attrs, neuronx-cc required: >=19.2.0, sagemaker <24,>=23.1.0 # protobuf neuronx-cc<4, sagemaker-training >=3.9.2,<=3.20.3 diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json index ee29b8c..79b6067 100644 --- a/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json 
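Review bot: The added `wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt` step installs from a file on a moving branch with no integrity check, so the packages baked into the image can change between builds without any change in this repository. I would pin the URL to a commit (`.../neuronx-distributed-training/<PINNED_COMMIT_SHA>/requirements.txt`), verify the download with `sha256sum -c` against a hash kept in the repo, and delete the file after the install. The Apex clone has the same weakness in milder form: `git checkout 23.05` names a ref that can be moved, and `python3 setup.py bdist_wheel` runs whatever that ref points at, so `git checkout <PINNED_COMMIT_SHA>` is safer. `RUN pip install --no-cache-dir Cython` is unpinned and uses bare `pip` where the surrounding lines use `${PIP}`; a version pin matters here because `--no-build-isolation` makes the later build use whatever Cython this step installed.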
@@ -1,134 +1,86 @@ { - "CVE-2024-31580": { - "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "CVE-2023-6730": { + "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", - "status": "ACTIVE", - "title": "CVE-2024-31580 - torch", - "vulnerability_id": "CVE-2024-31580", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", - "name": "torch", - "packageManager": "PYTHONPKG", - "version": "1.13.1" - } - ] - }, - "CVE-2024-31583": { - "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", - "remediation": { - "recommendation": { - "text": "None Provided" + "score": 8.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 8.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", + "severity": "HIGH", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730", "status": "ACTIVE", - "title": "CVE-2024-31583 - torch", - "vulnerability_id": "CVE-2024-31583", + "title": "CVE-2023-6730 - transformers, transformers", + "vulnerability_id": "CVE-2023-6730", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", - "name": "torch", + "filePath": 
"usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", + "name": "transformers", "packageManager": "PYTHONPKG", - "version": "1.13.1" - } - ] - }, - "CVE-2024-32002": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", - "status": "ACTIVE", - "title": "CVE-2024-32002 - git", - "vulnerability_id": "CVE-2024-32002", - "vulnerable_packages": [ + "version": "4.31.0" + }, { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-32004": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "CVE-2023-7018": { + "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", - "status": "ACTIVE", - "title": "CVE-2024-32004 - git", - "vulnerability_id": "CVE-2024-32004", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32020": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", - "remediation": { - "recommendation": { - "text": "None Provided" + "score": 7.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 7.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "severity": "HIGH", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018", "status": "ACTIVE", - "title": "CVE-2024-32020 - git", - "vulnerability_id": "CVE-2024-32020", + "title": "CVE-2023-7018 - transformers, transformers", + "vulnerability_id": "CVE-2023-7018", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", + "name": "transformers", + "packageManager": "PYTHONPKG", + "version": "4.31.0" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-32021": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. 
When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "CVE-2024-31580": { + "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "remediation": { "recommendation": { "text": "None Provided" 
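Review bot: This hunk adds `CVE-2023-6730` (score 8.8) and `CVE-2023-7018` (score 7.8), both HIGH deserialization findings against transformers 4.31.0, to the allowlist although their descriptions say the issue is present only prior to 4.36. An allowlist entry for a HIGH finding with a known fixed version should carry a recorded reason, and there is none in the entry or in the commit message. If the 4.31.0 pin is dictated by the training requirements, say so in the PR description along with the mitigating assumption, presumably that only trusted checkpoints are loaded. One of the `vulnerable_packages` entries has `"filePath": "requirements.txt"` with `"packageManager": "PIP"`, which looks like the requirements file this commit's Dockerfile downloads and leaves in the image; removing that file after install would likely clear the duplicate finding.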
@@ -136,25 +88,24 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", "status": "ACTIVE", - "title": "CVE-2024-32021 - git", - "vulnerability_id": "CVE-2024-32021", + "title": "CVE-2024-31580 - torch", + "vulnerability_id": "CVE-2024-31580", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", + "name": "torch", + "packageManager": "PYTHONPKG", + "version": "1.13.1" } ] }, - "CVE-2024-32465": { - "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "CVE-2024-31583": { + "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", "remediation": { "recommendation": { "text": "None Provided" @@ -162,20 +113,19 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", "status": "ACTIVE", - "title": "CVE-2024-32465 - git", - "vulnerability_id": "CVE-2024-32465", + "title": "CVE-2024-31583 - torch", + "vulnerability_id": "CVE-2024-31583", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA", + "name": "torch", + "packageManager": "PYTHONPKG", + "version": "1.13.1" } ] }, 
@@ -229,56 +179,6 @@ } ] }, - "CVE-2024-34997": { - "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", - "status": "ACTIVE", - "title": "CVE-2024-34997 - joblib", - "vulnerability_id": "CVE-2024-34997", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", - "name": "joblib", - "packageManager": "PYTHONPKG", - "version": "1.4.2" - } - ] - }, - "CVE-2024-35195": { - "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. 
This vulnerability is fixed in 2.32.0.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", - "status": "ACTIVE", - "title": "CVE-2024-35195 - requests", - "vulnerability_id": "CVE-2024-35195", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", - "name": "requests", - "packageManager": "PYTHONPKG", - "version": "2.31.0" - } - ] - }, "CVE-2024-3568": { "description": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.", "remediation": { 
@@ -292,54 +192,67 @@ "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3568", "status": "ACTIVE", - "title": "CVE-2024-3568 - transformers", + "title": "CVE-2024-3568 - transformers, transformers", "vulnerability_id": "CVE-2024-3568", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", "name": "transformers", "packageManager": "PYTHONPKG", - "version": "4.36.2" + "version": "4.31.0" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-3651": { - "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "CVE-2024-5452": { + "description": "A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. 
When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "score": 9.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 9.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "severity": "CRITICAL", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5452", "status": "ACTIVE", - "title": "CVE-2024-3651 - python-idna, python3-idna", - "vulnerability_id": "CVE-2024-3651", + "title": "CVE-2024-5452 - pytorch-lightning, pytorch-lightning", + "vulnerability_id": "CVE-2024-5452", "vulnerable_packages": [ { - "arch": "ALL", "epoch": 0, - "name": "python-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "usr/local/lib/python3.10/site-packages/pytorch_lightning-1.8.6.dist-info/METADATA", + "name": "pytorch-lightning", + "packageManager": "PYTHONPKG", + "version": "1.8.6" }, { - "arch": "ALL", "epoch": 0, - "name": "python3-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "requirements.txt", + "name": "pytorch-lightning", + "packageManager": "PIP", + "version": "1.8.6" } ] }, - "CVE-2024-4603": { - "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. 
Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "CVE-2024-5980": { + "description": "A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.", "remediation": { "recommendation": { "text": "None Provided" 
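Review bot: The new `CVE-2024-5452` entry in this hunk allowlists a finding the scanner rates CRITICAL (CVSS 9.8, network vector, no privileges) against pytorch-lightning 1.8.6, and nothing in the entry says why it is acceptable: `remediation.recommendation.text` is `None Provided`. The quoted description speaks of library version 2.2.1 and of the delta endpoint of a self-hosted application, so whether 1.8.6 as shipped in this image is affected or reachable is the judgement the allowlist should record. JSON has no comment syntax, so that rationale (affected or not, compensating control, review date) belongs in the PR description or in whatever free-text field the allowlist tooling accepts. The same entry is added by the `@@ -292,54 +192,67 @@` hunk of `training/2.1.2/Dockerfile.neuronx.cve_allowlist.json`, and `CVE-2024-5980` appears to be accepted in both files while its severity is still `UNTRIAGED`.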
@@ -349,18 +262,25 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5980", "status": "ACTIVE", - "title": "CVE-2024-4603 - cryptography", - "vulnerability_id": "CVE-2024-4603", + "title": "CVE-2024-5980 - pytorch-lightning, pytorch-lightning", + "vulnerability_id": "CVE-2024-5980", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", - "name": "cryptography", + "filePath": "usr/local/lib/python3.10/site-packages/pytorch_lightning-1.8.6.dist-info/METADATA", + "name": "pytorch-lightning", "packageManager": "PYTHONPKG", - "version": "42.0.7" + "version": "1.8.6" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "pytorch-lightning", + "packageManager": "PIP", + "version": "1.8.6" } ] } -} +} \ No newline at end of file diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx b/docker/pytorch/training/2.1.2/Dockerfile.neuronx index 10918c5..05b5e75 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx @@ -6,8 +6,8 @@ LABEL dlc_major_version="1" # Neuron SDK components version numbers ARG NEURONX_DISTRIBUTED_VERSION=0.9.0 ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0 -ARG NEURONX_CC_VERSION=2.15.128.0 -ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.0 +ARG NEURONX_CC_VERSION=2.15.141.0 +ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8 ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b ARG NEURONX_TOOLS_VERSION=2.19.0.0 
@@ -139,12 +139,36 @@ RUN ${PIP} install --no-cache-dir -U \ transformers==4.36.2 \ Pillow -RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.com \ && ${PIP} install --force-reinstall torch-neuronx==$NEURONX_FRAMEWORK_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com \ - && ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + && ${PIP} install --force-reinstall neuronx-cc==$NEURONX_CC_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + +RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com + +## Installation for Neuronx Distributed Training framework +# Install Cython +RUN pip install --no-cache-dir Cython + +# Copy the apex_setup.py file +COPY apex_setup.py /root/apex_setup.py + +# Clone and build Apex +RUN git clone https://github.com/NVIDIA/apex.git /root/apex \ + && cd /root/apex \ + && git checkout 23.05 \ + && cp /root/apex_setup.py setup.py \ + && python3 setup.py bdist_wheel + +#Install dependencies from requirements and extras for SageMaker usecase +RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \ + && pip install --no-deps --no-cache-dir --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \ + && pip install --force-reinstall "numba==0.57.1" \ + "multiprocess==0.70.16" \ + "numpy>=1.24.3,<=1.25.2" \ + 
"dill==0.3.8" + + +RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com # attrs, neuronx-cc required: >=19.2.0, sagemaker <24,>=23.1.0 # protobuf neuronx-cc<4, sagemaker-training >=3.9.2,<=3.20.3 diff --git a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json index 31cfb23..a61aeb6 100644 --- a/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json +++ b/docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json 
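Review bot: The added `RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt` step installs whatever the `master` branch holds at build time, so the image contents can change without any change to this Dockerfile, and nothing verifies the downloaded file. Pin the URL to a commit, e.g. `RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/COMMIT_SHA_PLACEHOLDER/requirements.txt`, or vendor the file next to `apex_setup.py` and `COPY` it. `git checkout 23.05` on the Apex clone has the same weakness in a milder form, since a tag can be moved where a commit hash cannot. The downloaded file is also left in the working directory, which is presumably why the allowlist in this commit gains `"filePath": "requirements.txt"` findings; deleting it at the end of the same `RUN` would likely drop them. The last `pip install --force-reinstall` in that step omits `--no-cache-dir` and calls `pip` where the surrounding steps use `${PIP}`.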
@@ -1,134 +1,86 @@ { - "CVE-2024-31580": { - "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "CVE-2023-6730": { + "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", - "status": "ACTIVE", - "title": "CVE-2024-31580 - torch", - "vulnerability_id": "CVE-2024-31580", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", - "name": "torch", - "packageManager": "PYTHONPKG", - "version": "2.1.2" - } - ] - }, - "CVE-2024-31583": { - "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", - "remediation": { - "recommendation": { - "text": "None Provided" + "score": 8.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 8.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", + "severity": "HIGH", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730", "status": "ACTIVE", - "title": "CVE-2024-31583 - torch", - "vulnerability_id": "CVE-2024-31583", + "title": "CVE-2023-6730 - transformers, transformers", + "vulnerability_id": "CVE-2023-6730", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", - "name": "torch", + "filePath": 
"usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", + "name": "transformers", "packageManager": "PYTHONPKG", - "version": "2.1.2" - } - ] - }, - "CVE-2024-32002": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32002.html", - "status": "ACTIVE", - "title": "CVE-2024-32002 - git", - "vulnerability_id": "CVE-2024-32002", - "vulnerable_packages": [ + "version": "4.31.0" + }, { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-32004": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", + "CVE-2023-7018": { + "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32004.html", - "status": "ACTIVE", - "title": "CVE-2024-32004 - git", - "vulnerability_id": "CVE-2024-32004", - "vulnerable_packages": [ - { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" - } - ] - }, - "CVE-2024-32020": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. 
The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, ", - "remediation": { - "recommendation": { - "text": "None Provided" + "score": 7.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 7.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32020.html", + "severity": "HIGH", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018", "status": "ACTIVE", - "title": "CVE-2024-32020 - git", - "vulnerability_id": "CVE-2024-32020", + "title": "CVE-2023-7018 - transformers, transformers", + "vulnerability_id": "CVE-2023-7018", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", + "name": "transformers", + "packageManager": "PYTHONPKG", + "version": "4.31.0" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-32021": { - "description": " Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. 
When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a ", + "CVE-2024-31580": { + "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "remediation": { "recommendation": { "text": "None Provided" 
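Review bot: The added `CVE-2023-6730` and `CVE-2023-7018` entries accept two HIGH findings (8.8 and 7.8) for transformers 4.31.0, although both descriptions say the issue affects versions prior to 4.36 and the Dockerfile for this image still installs `transformers==4.36.2` in an earlier step. It looks as if a later install in the new build steps, presumably the fetched requirements.txt, replaces 4.36.2 with 4.31.0; the `CVE-2024-3568` entry changing its `filePath` from `transformers-4.36.2` to `transformers-4.31.0` further down points the same way. If the training framework does not strictly need 4.31.0, re-pinning after that step with `${PIP} install --no-deps transformers==4.36.2` would remove these two findings instead of suppressing them; if it does need it, that constraint is the rationale to record. The partial hunk above for `training/1.13.1` adds the same `CVE-2023-7018` entry.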
@@ -136,25 +88,24 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32021.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", "status": "ACTIVE", - "title": "CVE-2024-32021 - git", - "vulnerability_id": "CVE-2024-32021", + "title": "CVE-2024-31580 - torch", + "vulnerability_id": "CVE-2024-31580", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", + "name": "torch", + "packageManager": "PYTHONPKG", + "version": "2.1.2" } ] }, - "CVE-2024-32465": { - "description": " Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.", + "CVE-2024-31583": { + "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", "remediation": { "recommendation": { "text": "None Provided" @@ -162,20 +113,19 @@ }, "score": 0.0, "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-32465.html", + "severity": "UNTRIAGED", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", "status": "ACTIVE", - "title": "CVE-2024-32465 - git", - "vulnerability_id": "CVE-2024-32465", + "title": "CVE-2024-31583 - torch", + "vulnerability_id": "CVE-2024-31583", "vulnerable_packages": [ { - "arch": "AMD64", - "epoch": 1, - "name": "git", - "packageManager": "OS", - "release": "1ubuntu3.11", - "version": "2.25.1" + "epoch": 0, + "filePath": "usr/local/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA", + "name": "torch", + "packageManager": "PYTHONPKG", + "version": "2.1.2" } ] }, 
@@ -229,56 +179,6 @@ } ] }, - "CVE-2024-34997": { - "description": "joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34997", - "status": "ACTIVE", - "title": "CVE-2024-34997 - joblib", - "vulnerability_id": "CVE-2024-34997", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/joblib-1.4.2.dist-info/METADATA", - "name": "joblib", - "packageManager": "PYTHONPKG", - "version": "1.4.2" - } - ] - }, - "CVE-2024-35195": { - "description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. 
This vulnerability is fixed in 2.32.0.", - "remediation": { - "recommendation": { - "text": "None Provided" - } - }, - "score": 0.0, - "score_details": {}, - "severity": "UNTRIAGED", - "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195", - "status": "ACTIVE", - "title": "CVE-2024-35195 - requests", - "vulnerability_id": "CVE-2024-35195", - "vulnerable_packages": [ - { - "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/requests-2.31.0.dist-info/METADATA", - "name": "requests", - "packageManager": "PYTHONPKG", - "version": "2.31.0" - } - ] - }, "CVE-2024-3568": { "description": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.", "remediation": { 
@@ -292,54 +192,67 @@ "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3568", "status": "ACTIVE", - "title": "CVE-2024-3568 - transformers", + "title": "CVE-2024-3568 - transformers, transformers", "vulnerability_id": "CVE-2024-3568", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.2.dist-info/METADATA", + "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA", "name": "transformers", "packageManager": "PYTHONPKG", - "version": "4.36.2" + "version": "4.31.0" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "transformers", + "packageManager": "PIP", + "version": "4.31.0" } ] }, - "CVE-2024-3651": { - "description": " [potential DoS via resource consumption via specially crafted inputs to idna.encode()]", + "CVE-2024-5452": { + "description": "A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. 
When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.", "remediation": { "recommendation": { "text": "None Provided" } }, - "score": 0.0, - "score_details": {}, - "severity": "MEDIUM", - "source": "UBUNTU_CVE", - "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-3651.html", + "score": 9.8, + "score_details": { + "cvss": { + "adjustments": [], + "score": 9.8, + "scoreSource": "NVD", + "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "severity": "CRITICAL", + "source": "NVD", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5452", "status": "ACTIVE", - "title": "CVE-2024-3651 - python3-idna, python-idna", - "vulnerability_id": "CVE-2024-3651", + "title": "CVE-2024-5452 - pytorch-lightning, pytorch-lightning", + "vulnerability_id": "CVE-2024-5452", "vulnerable_packages": [ { - "arch": "ALL", "epoch": 0, - "name": "python3-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "usr/local/lib/python3.10/site-packages/pytorch_lightning-1.8.6.dist-info/METADATA", + "name": "pytorch-lightning", + "packageManager": "PYTHONPKG", + "version": "1.8.6" }, { - "arch": "ALL", "epoch": 0, - "name": "python-idna", - "packageManager": "OS", - "release": "1", - "version": "2.8" + "filePath": "requirements.txt", + "name": "pytorch-lightning", + "packageManager": "PIP", + "version": "1.8.6" } ] }, - "CVE-2024-4603": { - "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. 
Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to", + "CVE-2024-5980": { + "description": "A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.", "remediation": { "recommendation": { "text": "None Provided" 
@@ -349,18 +262,25 @@ "score_details": {}, "severity": "UNTRIAGED", "source": "NVD", - "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5980", "status": "ACTIVE", - "title": "CVE-2024-4603 - cryptography", - "vulnerability_id": "CVE-2024-4603", + "title": "CVE-2024-5980 - pytorch-lightning, pytorch-lightning", + "vulnerability_id": "CVE-2024-5980", "vulnerable_packages": [ { "epoch": 0, - "filePath": "usr/local/lib/python3.10/site-packages/cryptography-42.0.7.dist-info/METADATA", - "name": "cryptography", + "filePath": "usr/local/lib/python3.10/site-packages/pytorch_lightning-1.8.6.dist-info/METADATA", + "name": "pytorch-lightning", "packageManager": "PYTHONPKG", - "version": "42.0.7" + "version": "1.8.6" + }, + { + "epoch": 0, + "filePath": "requirements.txt", + "name": "pytorch-lightning", + "packageManager": "PIP", + "version": "1.8.6" } ] } -} +} \ No newline at end of file diff --git a/docker/pytorch/training/common/apex_setup.py b/docker/pytorch/training/common/apex_setup.py new file mode 100644 index 0000000..cef44ba --- /dev/null +++ b/docker/pytorch/training/common/apex_setup.py @@ -0,0 +1,20 @@ +import sys +import warnings +import os +from packaging.version import parse, Version + +from setuptools import setup, find_packages +import subprocess + +import torch +from torch.utils.cpp_extension import BuildExtension, CppExtension, CUDAExtension, CUDA_HOME, load + +setup( + name="apex", + version="0.1", + packages=find_packages( + exclude=("build", "csrc", "include", "tests", "dist", "docs", "tests", "examples", "apex.egg-info",) + ), + install_requires=["packaging>20.6",], + description="PyTorch Extensions written by NVIDIA", +) \ No newline at end of file
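Review bot: In the new `apex_setup.py`, only `setup` and `find_packages` are used, yet the file also imports `sys`, `warnings`, `os`, `subprocess`, `packaging.version`, `torch` and `torch.utils.cpp_extension` (including `CUDAExtension` and `CUDA_HOME`). Those imports make `python3 setup.py bdist_wheel` depend on torch and packaging being importable at build time, for a wheel that declares no extension modules. The import block can shrink to `from setuptools import setup, find_packages`. `"tests"` also appears twice in the `exclude` tuple. A short module comment such as `# Replaces Apex's upstream setup.py to build a Python-only wheel (no C++/CUDA extensions).` would tell the next reader why the file exists.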