Login
Newsletter
Werbung

Sicherheit: Fehlerhafte Zugriffsrechte in cri-o
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugriffsrechte in cri-o
ID: FEDORA-2018-320cb9d7fb
Distribution: Fedora
Plattformen: Fedora 27
Datum: Di, 26. Juni 2018, 18:39
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1578135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000400
Applikationen: cri-o

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-320cb9d7fb
2018-06-26 16:06:37.183455
-------------------------------------------------------------------------------
-

Name : cri-o
Product : Fedora 27
Version : 1.10.3
Release : 1.gite558bd5.fc27
URL : https://github.com/kubernetes-incubator/cri-o
Summary : Kubernetes Container Runtime Interface for OCI-based containers
Description :
Kubernetes Container Runtime Interface for OCI-based containers

-------------------------------------------------------------------------------
-
Update Information:

New version with a few bug fixes ---- Latest build with fixes.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jun 18 2018 Dan Walsh <dwalsh@redhat.com> -
2:1.10.3-1.rhaos3.10.gite558bd
- bump to v1.10.3
* Tue Jun 12 2018 Dan Walsh <dwalsh@redhat.com> -
2:1.10.2-2.rhaos3.10.git1ffcbb
- bump to v1.10.2
* Tue May 8 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.10.1-1.git728df92
- bump to v1.10.1
* Tue May 8 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-37.git52d0f53
- autobuilt 52d0f53
* Mon May 7 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-36.git5eb8c3b
- autobuilt 5eb8c3b
* Sun May 6 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-35.git4e54603
- autobuilt 4e54603
* Sat May 5 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-34.git0489381
- autobuilt 0489381
* Fri May 4 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-33.git6db7ef8
- autobuilt 6db7ef8
* Wed May 2 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-32.git4e6919c
- autobuilt commit 4e6919c
* Wed May 2 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-31.git4e4f1e2
- autobuilt commit 4e4f1e2
* Mon Apr 30 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.10.0-30.gita221a5d
- Fix crio.conf to use correct path to conmon and systemd for cgroup management
* Mon Apr 30 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-28.gita221a5d
- autobuilt commit a221a5d
* Fri Apr 27 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-27.gitc971f7b
- autobuilt commit c971f7b
* Thu Apr 26 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-26.git733d791
- autobuilt commit 733d791
* Tue Apr 24 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-25.git596d052
- autobuilt commit 596d052
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-24.gitc24e0d9
- autobuilt commit c24e0d9
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-23.gitc24e0d9
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-22.gitc24e0d9
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-21.gitc24e0d9
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-20.gitc24e0d9
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-19.gitc24e0d9
- autobuilt commit c24e0d9
* Sun Apr 15 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-18.gitc24e0d9
- autobuilt commit c24e0d9
* Sat Apr 14 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-17.gitc24e0d9
- autobuilt commit c24e0d9
* Fri Apr 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-16.gitc24e0d9
- autobuilt commit c24e0d9
* Thu Apr 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-15.gitc24e0d9
- autobuilt commit c24e0d9
* Wed Apr 11 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-14.gitc24e0d9
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-13.gitc24e0d9
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-12.gitc24e0d9
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-11.git1eec122
- autobuilt commit 1eec122
* Mon Apr 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-10.git1eec122
- autobuilt commit 1eec122
* Mon Apr 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-9.git1eec122
- autobuilt commit 1eec122
* Sun Apr 8 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> -
2:1.10.0-8.gitd0dbfe0
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.10.0-7.gitd0dbfe0
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.10.0-6.gitd0dbfe0
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.10.0-5.git86b61d4
- built commit 86b61d4
* Fri Mar 30 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.10.0-4
- Release of v1.10.0
* Mon Mar 26 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.10.0-3.gitb0f6d98
- built commit b0f6d98
* Fri Mar 16 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.10.0-beta.1
- bump to v1.10.0-beta.1
* Tue Mar 13 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.10-1.git8723732
- bump to v1.9.10
* Fri Mar 9 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.9-1.git4d7e7dc
- bump to v1.9.9
* Thu Mar 1 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.9.8-1.git7d9d2aa
- bump to v1.9.8
- enable integration tests for centos
* Fri Feb 23 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.9.7-2.gita98f9c9
- make sure correct version in changelog
* Fri Feb 23 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.7-1.gita98f9c9
- Merge pull request #1357 from runcom/netns-fixes
- sandbox_stop: close/remove the netns _after_ stopping the containers
- sandbox net: set netns closed after actaully closing it
* Wed Feb 21 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.6-1.git5e48c92
- vendor: update c/image to handle text/plain from registries
* Fri Feb 16 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.5-1.git125ec8a
- image: Add lock around image cache access
* Thu Feb 15 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.4-1.git28c7dee
- imageService: cache information about images
- container_create: correctly set user
- system container: add /var/tmp as RW
* Sun Feb 11 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.3-1.git63ea1dd
- Update containers/image and containers/storage
- Pick up lots of fixes in image and storage library
* Thu Feb 8 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.2-1.gitb066a83
- sandbox: fix sandbox logPath when crio restarts
- syscontainers, rhel: add ADDTL_MOUNTS
- Adapt to recent containers/image API updates
- container_create: only bind mount /etc/hosts if not provided by k8s
* Wed Feb 7 2018 Fedora Release Engineering <releng@fedoraproject.org> -
2:1.9.1-2.gitb066a83
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 24 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.9.1-1.gitb066a8
- Final Release 1.9.1
* Mon Dec 18 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.9.0-4.gita85ea60
- need runc >= 2:1.0.0-15
* Fri Dec 15 2017 Dan Walsh <dwalsh@redhat.com> - 2:1.9.0-3.gita85ea60
- Final Release 1.9.0
* Mon Dec 11 2017 Dan Walsh <dwalsh@redhat.com> -
2:1.9.0-1.beta.1.gita85ea60
- Update to kubernetes 1.9.0 beta 2 cri requirements
- container_exec: fix terminal true process json
- lib: sandbox: refactor to memory store
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.com> -
2:1.9.0-1.beta.1.git0ab5e80
- Update to kubernetes 1.9.0 beta 1 cri requirements
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.com> - 2:1.8.3-1.gitd9922a9
- container_create: fix apparmor from container config
- container_create: correctly set image and kube envs
- oci: do not append conmon env to container process
- container_exec: use process file with runc exec
* Thu Nov 30 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.8.2-3.git3de7ab4c
- cri-o should require conmon and not the other way around
* Wed Nov 29 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.8.2-2.git3de7ab4c
- add additional deps
- From: Antonio Murdaca <runcom@redhat.com>
* Wed Nov 29 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.8.2-1.git3de7ab4c
- bump to v1.8.2
* Tue Nov 28 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
2:1.8.1-2.git32d1708d
- separate conmon into a separate subpackage
* Wed Nov 22 2017 Dan Walsh <dwalsh@redhat.com> - 1.8.1-1.git32d1708d
- Add /proc/scsi to masked paths
* Mon Nov 13 2017 Dan Walsh <dwalsh@redhat.com> - 1.8.0-1.git80f54bc1
- bump v1.8.0
- Add support for Kubernetes v1.8
- kpod support moved to the kpod package.
* Thu Nov 9 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
1.0.3-1.git17bcfb4
- bump to v1.0.3
* Mon Oct 30 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.2-1.git748bc46
- Lots of bug fixes
- Fixes to pass cri-tools tests
* Wed Oct 25 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.1-1.git64a30e1
- Lots of bug fixes
- Fixes to pass cri-tools tests
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-6.gita636972
- Add epoch to make sure that this installs
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-5.gita636972
- Get the correct checksum
* Fri Oct 13 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-4.gitcd1bac5
- Release v1.0.0
- Performance improvements
- Add secrets patch to default mount directories from the host into containers
- Add kpod login/logout
- Change debug flag to log-level, allows admin to specify the loggin level
- Bump to kube v1.7.8
- Build with go 1.8.4
* Tue Oct 3 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
1.0.0-3.rc3.gitd2c6f64
- build v1.0.0-rc3 tag
* Tue Oct 3 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
1.0.0-2.rc3.dev.gita8ea146
- adjust runc dep for CentOS Virt SIG builds
* Tue Oct 3 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
1.0.0-1.rc3.dev.gita8ea146
- bump to 1.0.0-rc3.dev
- built commit a8ea146
* Wed Sep 20 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> -
1.0.0-1.rc2.git6784a66
- bump to v1.0.0-rc2
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1578110 - CVE-2018-1000400 cri-o: capabilities are not dropped
when switching to a non-root user [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1578110
[ 2 ] Bug #1578135 - rpm dependencies: add and track Requires: cri-tools
https://bugzilla.redhat.com/show_bug.cgi?id=1578135
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-320cb9d7fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYWKWCBMF2UGDAYQARLAQ3WGHNL4DCOI/
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung