update runc binary to v1.1.12 #47268

Merged
merged 1 commit into from
Jan 31, 2024

thaJeztah
Member

Update the runc binary that's used in CI and for the static packages, which includes a fix for CVE-2024-21626.

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

Update the runc binary that's used in CI and for the static packages, which
includes a fix for [CVE-2024-21626].

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: opencontainers/runc@v1.1.11...v1.1.12

[CVE-2024-21626]: GHSA-xr7r-f8xq-vfvv

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Member

@laurazard laurazard left a comment


LGTM

@thaJeztah
Member Author

Failure is unrelated, and looks like we can ignore;

=== Failed
=== FAIL: amd64.integration.plugin.authz TestAuthZPluginV2Disable (8.97s)
    authz_plugin_v2_test.go:68: assertion failed: error is not nil: Error response from daemon: plugin "riyaz/authz-no-volume-plugin:latest" not found

@thaJeztah
Member Author

Everything else is green; bringing this one in

@thaJeztah thaJeztah merged commit 7a920fd into moby:master Jan 31, 2024
127 of 128 checks passed
@thaJeztah thaJeztah deleted the bump_runc_binary_1.1.12 branch January 31, 2024 21:50
@dmlause

dmlause commented Jan 31, 2024

@thaJeztah - Is this PR going to be backported to 20.10 as well?

@thaJeztah
Member Author

20.10 is EOL, so no backport there, but if you're running docker from deb or rpm packages, the runc binary is part of the containerd.io package, which is currently being published, so you can update the containerd.io package, to get a patched version of runc
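
As an added example (not part of this pull request or of moby's code), the following shell functions check whether the text printed by `runc --version` reports a release at or above v1.1.12, the version this PR says includes the fix for CVE-2024-21626. The function names and sample outputs are constructed for illustration, and the check assumes the first output line has the form `runc version X.Y.Z`; it only compares upstream version numbers, so a package that carries the fix under an older version string would still be reported as unpatched.

```shell
#!/bin/sh
# Added example: compare the version reported by `runc --version`
# against v1.1.12 (the release named in this PR as carrying the fix).
FIXED_VERSION="1.1.12"

# Constructed sample outputs (commit ids are placeholders, not real values).
SAMPLE_OLD='runc version 1.1.11
commit: v1.1.11-0-gPLACEHOLDER
spec: 1.0.2-dev'
SAMPLE_PATCHED='runc version 1.1.12
commit: v1.1.12-0-gPLACEHOLDER
spec: 1.0.2-dev'

# Print "X.Y.Z" taken from the "runc version X.Y.Z[suffix]" line.
# Suffixes such as -rc.1 or +dev are ignored (assumption of this example).
runc_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^runc version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if dotted version $1 >= dotted version $2 (numeric, per field).
version_ge() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2          # $1..$3 = candidate fields, $4..$6 = required fields
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# Return 0 = at or above FIXED_VERSION, 1 = older, 2 = output not recognised.
runc_is_patched() {
    v=$(runc_version_from_output "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$FIXED_VERSION"
}

for sample in "$SAMPLE_OLD" "$SAMPLE_PATCHED"; do
    ver=$(runc_version_from_output "$sample")
    if runc_is_patched "$sample"; then
        echo "runc $ver: at or above $FIXED_VERSION"
    else
        echo "runc $ver: older than $FIXED_VERSION, update the package that ships runc"
    fi
done
```

On a host, pass the live output instead of a sample: `runc_is_patched "$(runc --version)"`.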
