Add Dockerfiles for Neuron DLC with SDK 2.18.2 (#14)
*Description of changes:*

Add Dockerfiles for Neuron DLC with SDK 2.18.2

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.

Signed-off-by: Ziwen Ning <ningziwe@amazon.com>
ningziwen authored May 1, 2024
1 parent 3c03a7f commit 9a156d1
Showing 9 changed files with 191 additions and 115 deletions.
Expand Up @@ -12,80 +12,72 @@
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
"status": "ACTIVE",
"title": "CVE-2024-2511 - pyOpenSSL, cryptography",
"title": "CVE-2024-2511 - cryptography, pyOpenSSL",
"vulnerability_id": "CVE-2024-2511",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"packageManager": "PYTHONPKG",
"version": "24.0.0"
"version": "42.0.5"
},
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"packageManager": "PYTHONPKG",
"version": "42.0.5"
"version": "24.0.0"
}
]
},
"GHSA-jjg7-2v4v-x38h": {
"description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
"CVE-2024-31580": {
"description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 0.0,
"score_details": {},
"severity": "MEDIUM",
"source": "GITHUB",
"source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
"status": "ACTIVE",
"title": "GHSA-jjg7-2v4v-x38h - idna",
"vulnerability_id": "GHSA-jjg7-2v4v-x38h",
"title": "CVE-2024-31580 - torch",
"vulnerability_id": "CVE-2024-31580",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "1.13.1"
}
]
},
"SNYK-PYTHON-IDNA-6597975": {
"description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
"CVE-2024-31583": {
"description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 6.2,
"score_details": {
"cvss": {
"adjustments": [],
"score": 6.2,
"scoreSource": "SNYK",
"scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"severity": "MEDIUM",
"source": "SNYK",
"source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
"score": 0.0,
"score_details": {},
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
"status": "ACTIVE",
"title": "IN1-PYTHON-IDNA-6597975 - idna",
"vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
"title": "CVE-2024-31583 - torch",
"vulnerability_id": "CVE-2024-31583",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "1.13.1"
}
]
}
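Review bot: The two torch entries that come in here (CVE-2024-31580 and CVE-2024-31583) carry "severity": "UNTRIAGED", "score": 0.0, an empty "score_details" and a remediation text of "None Provided", although their own descriptions name a heap buffer overflow and a use-after-free in PyTorch before v2.2.0 and the listed package is torch 1.13.1. Nothing in the entries records a triage decision or a date to revisit them, and a 0.0 score reads as harmless to anyone filtering on it. Please add a short justification alongside these two ids (if the reason is the framework pin to torch 1.13.1, say so) and re-check both once NVD publishes a score.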
2 changes: 1 addition & 1 deletion docker/pytorch/inference/1.13.1/Dockerfile.neuronx
Expand Up @@ -7,7 +7,7 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
# Neuron SDK components version numbers
ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0
ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
ARG NEURONX_CC_VERSION=2.13.68.0
ARG NEURONX_CC_VERSION=2.13.72.0
ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425
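Review bot: Only NEURONX_CC_VERSION moves in this hunk (2.13.68.0 to 2.13.72.0) while every other NEURONX_* pin in the visible context stays where it was, and the commit message says no more than "Add Dockerfiles for Neuron DLC with SDK 2.18.2". Please state in the message that the compiler is the only component that differs for this release, so a reader can tell the untouched framework, collectives and runtime pins were checked and not simply missed.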
Expand Up @@ -12,80 +12,72 @@
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
"status": "ACTIVE",
"title": "CVE-2024-2511 - pyOpenSSL, cryptography",
"title": "CVE-2024-2511 - cryptography, pyOpenSSL",
"vulnerability_id": "CVE-2024-2511",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"packageManager": "PYTHONPKG",
"version": "24.0.0"
"version": "42.0.5"
},
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"packageManager": "PYTHONPKG",
"version": "42.0.5"
"version": "24.0.0"
}
]
},
"GHSA-jjg7-2v4v-x38h": {
"description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
"CVE-2024-31580": {
"description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 0.0,
"score_details": {},
"severity": "MEDIUM",
"source": "GITHUB",
"source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
"status": "ACTIVE",
"title": "GHSA-jjg7-2v4v-x38h - idna",
"vulnerability_id": "GHSA-jjg7-2v4v-x38h",
"title": "CVE-2024-31580 - torch",
"vulnerability_id": "CVE-2024-31580",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "1.13.1"
}
]
},
"SNYK-PYTHON-IDNA-6597975": {
"description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
"CVE-2024-31583": {
"description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 6.2,
"score_details": {
"cvss": {
"adjustments": [],
"score": 6.2,
"scoreSource": "SNYK",
"scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"severity": "MEDIUM",
"source": "SNYK",
"source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
"score": 0.0,
"score_details": {},
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
"status": "ACTIVE",
"title": "IN1-PYTHON-IDNA-6597975 - idna",
"vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
"title": "CVE-2024-31583 - torch",
"vulnerability_id": "CVE-2024-31583",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "1.13.1"
}
]
}
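Review bot: The CVE-2024-2511 part of this hunk changes nothing but order: the title goes from "pyOpenSSL, cryptography" to "cryptography, pyOpenSSL" and the two vulnerable_packages objects swap places with the same filePath, name and version values. That churn buries the real change, which is the idna entries (GHSA-jjg7-2v4v-x38h, SNYK-PYTHON-IDNA-6597975) going out and the torch entries coming in. Sorting the package names in the title and the vulnerable_packages array before the file is written would keep later diffs limited to actual changes.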
2 changes: 1 addition & 1 deletion docker/pytorch/inference/2.1.2/Dockerfile.neuronx
Expand Up @@ -6,7 +6,7 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true

# Neuron SDK components version numbers
ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
ARG NEURONX_CC_VERSION=2.13.68.0
ARG NEURONX_CC_VERSION=2.13.72.0
ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.1.0
ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
Expand Up @@ -12,80 +12,72 @@
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
"status": "ACTIVE",
"title": "CVE-2024-2511 - cryptography, pyOpenSSL",
"title": "CVE-2024-2511 - pyOpenSSL, cryptography",
"vulnerability_id": "CVE-2024-2511",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"packageManager": "PYTHONPKG",
"version": "42.0.5"
"version": "24.0.0"
},
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
"name": "pyOpenSSL",
"filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
"name": "cryptography",
"packageManager": "PYTHONPKG",
"version": "24.0.0"
"version": "42.0.5"
}
]
},
"GHSA-jjg7-2v4v-x38h": {
"description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
"CVE-2024-31580": {
"description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 0.0,
"score_details": {},
"severity": "MEDIUM",
"source": "GITHUB",
"source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
"status": "ACTIVE",
"title": "GHSA-jjg7-2v4v-x38h - idna",
"vulnerability_id": "GHSA-jjg7-2v4v-x38h",
"title": "CVE-2024-31580 - torch",
"vulnerability_id": "CVE-2024-31580",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "2.1.2"
}
]
},
"SNYK-PYTHON-IDNA-6597975": {
"description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
"CVE-2024-31583": {
"description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 6.2,
"score_details": {
"cvss": {
"adjustments": [],
"score": 6.2,
"scoreSource": "SNYK",
"scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"severity": "MEDIUM",
"source": "SNYK",
"source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
"score": 0.0,
"score_details": {},
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
"status": "ACTIVE",
"title": "IN1-PYTHON-IDNA-6597975 - idna",
"vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
"title": "CVE-2024-31583 - torch",
"vulnerability_id": "CVE-2024-31583",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
"name": "idna",
"filePath": "opt/conda/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA",
"name": "torch",
"packageManager": "PYTHONPKG",
"version": "3.6"
"version": "2.1.2"
}
]
}
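Review bot: Both added torch entries say "remediation" "None Provided", yet their descriptions state the defects are in PyTorch before v2.2.0 and the package listed here is torch 2.1.2, so the fixed release is already named in the same record. Please put that upgrade target, or the reason 2.1.2 has to stay, into the entry or the commit message instead of leaving the remediation blank. Left as is, the record gives the next reader no way to tell a deliberate decision from an unreviewed scanner result.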
2 changes: 1 addition & 1 deletion docker/pytorch/training/1.13.1/Dockerfile.neuronx
Expand Up @@ -6,7 +6,7 @@ LABEL dlc_major_version="1"
# Neuron SDK components version numbers
ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0
ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
ARG NEURONX_CC_VERSION=2.13.68.0
ARG NEURONX_CC_VERSION=2.13.72.0
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425
ARG NEURONX_TOOLS_VERSION=2.17.1.0