meta-virtualization.lists.yoctoproject.org archive mirror
From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: bruce.ashfield@gmail.com
Cc: Thomas Schlien <ts@ferncast.de>,
	meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][PATCH] Update runc-opencontainers to 1.1.12 since old versions have a severe security issue
Date: Tue, 19 Mar 2024 13:16:58 -0400
Message-ID: <CADkTA4OOdxj6oLYM1EuCTvU7CwaeWBaVWdWdg1YNFsBS8Xj3NA@mail.gmail.com>
In-Reply-To: <17BE39A1457CB4C5.24580@lists.yoctoproject.org>

I should also add that I'll be doing one more bump on a few packages
in the next few weeks (including runc), but generally speaking I'm not
doing any more updates right now as the large stack in master-next is
being stabilized.

Bruce

On Tue, Mar 19, 2024 at 1:11 PM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@lists.yoctoproject.org> wrote:
>
> Look further, there's two commits. 1.11 and 1.12.
>
> https://git.yoctoproject.org/meta-virtualization/commit/?h=master-next&id=9213f05f5591b499809b81a46b8d05e10935f001
>
> I didn't bump runc-docker, since it is going away.
>
> Bruce
>
> On Tue, Mar 19, 2024 at 12:28 PM Thomas Schlien <ts@ferncast.de> wrote:
> >
> > Hi,
> >
> > I had a look at master-next and it only contains version 1.1.11, but not
> > 1.1.12 with the CVE patches.
> >
> > Best regards,
> > Thomas
> >
> > On 19.03.24 16:58, Bruce Ashfield wrote:
> > > master-next is already updated to that version.
> > >
> > > The stack is ongoing release testing, but I do expect to push master shortly.
> > >
> > > Bruce
> > >
> > > On Tue, Mar 19, 2024 at 11:54 AM Thomas Schlien <ts@ferncast.de> wrote:
> > >> CVE-2024-21626 https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
> > >> ---
> > >>   recipes-containers/runc/runc-opencontainers_git.bb | 4 ++--
> > >>   1 file changed, 2 insertions(+), 2 deletions(-)
> > >>
> > >> diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
> > >> index 61e7cfa6..88964276 100644
> > >> --- a/recipes-containers/runc/runc-opencontainers_git.bb
> > >> +++ b/recipes-containers/runc/runc-opencontainers_git.bb
> > >> @@ -1,11 +1,11 @@
> > >>   include runc.inc
> > >>
> > >> -SRCREV = "f3446b1e5fe75bf419c808d8705c899ab4968b6e"
> > >> +SRCREV = "51d5e94601ceffbbd85688df1c928ecccbfa4685"
> > >>   SRC_URI = " \
> > >>       git://github.com/opencontainers/runc;branch=release-1.1;protocol=https \
> > >>       file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
> > >>       "
> > >> -RUNC_VERSION = "1.1.10"
> > >> +RUNC_VERSION = "1.1.12"
> > >>
> > >>   CVE_PRODUCT = "runc"
> > >>
> > >> --
> > >> 2.40.1
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > >
> > --
> > Dr.-Ing. Thomas Schlien
> > Ferncast GmbH
> > Gallierstr. 41a, 52074 Aachen
> > Germany
> >
> > Phone: +49 241 99034567
> > Web:   www.ferncast.de
> > --
> > CEO: Detlef Wiese
> > Court of Registration: Amtsgericht Aachen
> > Commercial Register: HRB 22350
> >
> >
> >
> >
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Thread overview: 5+ messages
2024-03-19 15:54 [meta-virtualization][PATCH] Update runc-opencontainers to 1.1.12 since old versions have a severe security issue Thomas Schlien
2024-03-19 15:58 ` Bruce Ashfield
2024-03-19 16:28   ` Thomas Schlien
2024-03-19 17:11     ` Bruce Ashfield
     [not found]     ` <17BE39A1457CB4C5.24580@lists.yoctoproject.org>
2024-03-19 17:16       ` Bruce Ashfield [this message]