| Message ID | 20210312224833.1908386-1-christian@paral.in |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/3] package/docker-containerd: security bump to 1.4.4 | expand |
Christian, All, On 2021-03-12 14:48 -0800, Christian Stewart spake thusly: > Security fix for CVE-2021-21334: > > https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 > > Other changes: > > - Fix container create in CRI to prevent possible environment variable leak between containers > - Update shim server to return grpc NotFound error > - Add bounds on max oom_score_adj value for shim's AdjustOOMScore > - Update task manager to use fresh context when calling shim shutdown > - Update Docker resolver to avoid possible concurrent map access panic > - Update shim's log file open flags to avoid containerd hang on syscall open > - Fix incorrect usage calculation > > Signed-off-by: Christian Stewart <christian@paral.in> Series of 3 applied to master, thanks. Regards, Yann E. MORIN. > --- > package/docker-containerd/docker-containerd.hash | 2 +- > package/docker-containerd/docker-containerd.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash > index c5cfc137b8..bb544e8d60 100644 > --- a/package/docker-containerd/docker-containerd.hash > +++ b/package/docker-containerd/docker-containerd.hash > @@ -1,3 +1,3 @@ > # Computed locally > -sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz > +sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 docker-containerd-1.4.4.tar.gz > sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE > diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk > index 626889e5f4..e229d9cb54 100644 > --- a/package/docker-containerd/docker-containerd.mk > +++ b/package/docker-containerd/docker-containerd.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -DOCKER_CONTAINERD_VERSION = 1.4.3 > +DOCKER_CONTAINERD_VERSION = 1.4.4 > DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION)) > DOCKER_CONTAINERD_LICENSE = Apache-2.0 > DOCKER_CONTAINERD_LICENSE_FILES = LICENSE > -- > 2.30.2 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes: > Security fix for CVE-2021-21334: > https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 > Other changes: > - Fix container create in CRI to prevent possible environment > variable leak between containers > - Update shim server to return grpc NotFound error > - Add bounds on max oom_score_adj value for shim's AdjustOOMScore > - Update task manager to use fresh context when calling shim shutdown > - Update Docker resolver to avoid possible concurrent map access panic > - Update shim's log file open flags to avoid containerd hang on syscall open > - Fix incorrect usage calculation > Signed-off-by: Christian Stewart <christian@paral.in> Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.
diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash index c5cfc137b8..bb544e8d60 100644 --- a/package/docker-containerd/docker-containerd.hash +++ b/package/docker-containerd/docker-containerd.hash @@ -1,3 +1,3 @@ # Computed locally -sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz +sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 docker-containerd-1.4.4.tar.gz sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk index 626889e5f4..e229d9cb54 100644 --- a/package/docker-containerd/docker-containerd.mk +++ b/package/docker-containerd/docker-containerd.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_CONTAINERD_VERSION = 1.4.3 +DOCKER_CONTAINERD_VERSION = 1.4.4 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION)) DOCKER_CONTAINERD_LICENSE = Apache-2.0 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
Security fix for CVE-2021-21334: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 Other changes: - Fix container create in CRI to prevent possible environment variable leak between containers - Update shim server to return grpc NotFound error - Add bounds on max oom_score_adj value for shim's AdjustOOMScore - Update task manager to use fresh context when calling shim shutdown - Update Docker resolver to avoid possible concurrent map access panic - Update shim's log file open flags to avoid containerd hang on syscall open - Fix incorrect usage calculation Signed-off-by: Christian Stewart <christian@paral.in> --- package/docker-containerd/docker-containerd.hash | 2 +- package/docker-containerd/docker-containerd.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)