-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runc: bump to newest version #3982
runc: bump to newest version #3982
Conversation
@christoph-zededa this looks good. You need to update the downstream dependencies as well. CI will pick up on all of the changes and push them out, but you need to tell downstream to use the updated I cannot find the docs on it now - no idea why - but all you need to do is run the update: ./scripts/update-component-sha.sh --pkg ./pkg/runc That will calculate the tag for Once that is in, CI will catch everything. |
Done that, but now I see it has appended "-dirty" to the tags. |
This version includes a fix for CVE-2024-21626 which allowed an attacker in bad circumstances to "escape containerized environments". See also https://access.redhat.com/security/cve/cve-2024-21626 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
./scripts/update-component-sha.sh --pkg ./pkg/runc Signed-off-by: Christoph Ostarek <christoph@zededa.com>
8895500
to
819d83b
Compare
Resolved - seems the issue was that I had to rebase on latest master. |
Likely there were uncommitted changes in |
Yeah, I pulled your branch down and run |
This version includes a fix for CVE-2024-21626 which allowed an attacker in bad circumstances to
"escape containerized environments".
See also https://access.redhat.com/security/cve/cve-2024-21626
- What I did
Bumped runc version
- How I did it
Changed variable in dockerfile
- How to verify it
- Description for the changelog
Bumping runc to fix CVE-2024-21626
- A picture of a cute animal (not mandatory but encouraged)
https://en.wikipedia.org/wiki/Punxsutawney_Phil#/media/File:Punxsutawney_Phil_2018_(cropped).jpg