
[Backport 7.53.x] [kitchen/e2e] update amazon linux 2023 x86_64 #25772

Merged (1 commit), May 22, 2024

Conversation

agent-platform-auto-pr[bot] (Contributor)

Backport 654e4bf from #25707.

What does this PR do?

  • Update Amazon Linux 2023 x86_64 AMI for kitchen and E2E tests with a copy of AMI ami-0bb84b8ffd87024d8, Amazon Linux 2023 x86_64, targeting runc-1.1.11-1.amzn2023.0.1.src.rpm
  • Update Amazon Linux 2023 arm64 AMI for kitchen and E2E tests with a copy of AMI ami-04b395c05193adbbd from al2023-ami-2023.4.20240513.0-kernel-6.1-arm64, targeting runc-1.1.11-1.amzn2023.0.1.src.rpm

Motivation

Previous hosts are affected by https://nvd.nist.gov/vuln/detail/CVE-2024-21626

Incident-27459
Incident-27490

The previous Amazon Linux 2023 x86_64 in use in our e2e tests had a security vulnerability due to the version of runc, installed at docker install within the agent security kitchen tests.

The CVE mentions that the vulnerability is fixed in runc 1.1.12+, but for Amazon Linux 2023 this is fixed in runc-1.1.11-1.amzn2023.0.1+, as mentioned in https://alas.aws.amazon.com/AL2023/ALAS-2024-501.html

Describe how to test/QA your changes

  • cd to ~/dd/test-infra-definitions
  • Create a VM using: inv create-vm -m ami-0a515c154e76934f7 -o amazonlinux --no-install-agent
  • ssh to the VM
  • Run yum info runc and ensure the target package version is runc-1.1.11-1.amzn2023.0.1.src.rpm
  • Destroy the VM with inv destroy-vm -y
  • Create a VM using: inv create-vm -m ami-064ed2d3fc01d3ec1 -o amazonlinux --no-install-agent
  • ssh to the VM
  • Run yum info runc and ensure the target package version is runc-1.1.11-1.amzn2023.0.1.src.rpm
  • Destroy the VM with inv destroy-vm -y

* [kitchen/e2e] update amazon linux 2023 x86_64

* [e2e] bump amazon 2023 amis

* [e2e] bump amazon linux 2023 arm64

(cherry picked from commit 654e4bf)
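The QA steps above have the tester read the runc build off yum info by eye. As an added example, not code from this PR or from the datadog-agent repository, the script below parses yum info runc output, extracts the installed (epoch, version, release) triple and compares it against the ALAS-2024-501 fixed build (runc-1.1.11-1.amzn2023.0.1) with a simplified rpm label comparison, so the check can be scripted on a fresh VM. The yum output samples are constructed (the "unpatched" version number is invented, not the version the previous AMI actually shipped), check_host is an assumed helper that shells out to yum on a live host, and tilde/caret ordering from real rpmvercmp is not implemented.

```python
"""Verify an Amazon Linux 2023 host's runc package is at or above the ALAS-2024-501
fixed build by parsing `yum info runc` output and comparing it the way rpm does."""
import re
import subprocess

# Fixed build named in ALAS-2024-501 for AL2023 (from the PR description).
FIXED_VERSION = "1.1.11"
FIXED_RELEASE = "1.amzn2023.0.1"

# Constructed sample of `yum info runc` output on a patched host, modelled on
# the dnf "info" layout; not captured from a real machine.
SAMPLE_PATCHED = """\
Installed Packages
Name         : runc
Version      : 1.1.11
Release      : 1.amzn2023.0.1
Architecture : x86_64
Size         : 12 M
Source       : runc-1.1.11-1.amzn2023.0.1.src.rpm
Repository   : @System
"""

# Constructed sample for an older host; the version is invented for the test.
SAMPLE_UNPATCHED = """\
Installed Packages
Name         : runc
Version      : 1.1.4
Release      : 1.amzn2023.0.0
Architecture : x86_64
Source       : runc-1.1.4-1.amzn2023.0.0.src.rpm
"""


def parse_yum_info(text):
    """Return the Name/Version/Release/Epoch/Source fields from yum/dnf info output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(Name|Version|Release|Epoch|Source)\s*:\s*(\S+)", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    if "version" not in fields or "release" not in fields:
        raise ValueError("no Version/Release fields found in yum info output")
    fields.setdefault("epoch", "0")  # dnf omits Epoch when it is zero
    return fields


def _segments(label):
    # rpm splits a label into runs of digits and runs of letters; anything else separates
    return re.findall(r"\d+|[A-Za-z]+", label)


def rpmvercmp(a, b):
    """Simplified rpm label comparison returning -1, 0 or 1 (no tilde/caret handling)."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alpha one
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the label with more segments is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_evr(evr1, evr2):
    """Compare (epoch, version, release) triples, most significant field first."""
    for a, b in zip(evr1, evr2):
        c = rpmvercmp(a, b)
        if c:
            return c
    return 0


def is_patched(yum_info_text, fixed_version=FIXED_VERSION, fixed_release=FIXED_RELEASE):
    """True when the installed runc is at or above the fixed build."""
    f = parse_yum_info(yum_info_text)
    installed = (f["epoch"], f["version"], f["release"])
    fixed = ("0", fixed_version, fixed_release)
    return compare_evr(installed, fixed) >= 0


def check_host():
    """Assumed helper: run `yum info runc` on the current host and report the result."""
    out = subprocess.run(["yum", "info", "runc"], capture_output=True, text=True, check=True)
    return is_patched(out.stdout)


if __name__ == "__main__":
    print("patched sample:", is_patched(SAMPLE_PATCHED))
    print("unpatched sample:", is_patched(SAMPLE_UNPATCHED))
```

On the VM created in the QA steps, running the script's check_host() in place of reading yum info by hand gives a yes/no answer that can be wired into the kitchen or E2E job itself; the comparison is deliberately done on the version and release fields rather than on the Source filename, since the .src.rpm name is only informational.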
agent-platform-auto-pr bot requested a review from a team as a code owner May 21, 2024 10:20
agent-platform-auto-pr bot added labels changelog/no-changelog, qa/no-code-change (No code change in Agent code requiring validation) and backport May 21, 2024
pr-commenter bot commented May 21, 2024

Test changes on VM

Use this command from test-infra-definitions to manually test this PR's changes on a VM:

inv create-vm --pipeline-id=34714825 --os-family=ubuntu

KevinFairise2 merged commit 1903bc0 into 7.53.x May 22, 2024
200 of 202 checks passed
KevinFairise2 deleted the backport-25707-to-7.53.x branch May 22, 2024 07:37