[Buildroot] [git commit] package/containerd: security bump to version 1.5.11
Marcus Hoffmann
marcus.hoffmann at othermo.de
Mon Apr 11 12:28:51 UTC 2022
Hi Peter,
On 05.04.22 19:28, Peter Korsgaard wrote:
> commit: https://git.buildroot.net/buildroot/commit/?id=2642edb0af08f04fb98f4cb5f88895faded4b325
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
>
> Fixes the following security issues:
>
> - CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes
> https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
>
> - CVE-2022-24769: Default inheritable capabilities for linux container
> should be empty
> https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/containerd/containerd.hash | 2 +-
> package/containerd/containerd.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/containerd/containerd.hash b/package/containerd/containerd.hash
> index d5aafe2e70..23dacded88 100644
> --- a/package/containerd/containerd.hash
> +++ b/package/containerd/containerd.hash
> @@ -1,3 +1,3 @@
> # Computed locally
> -sha256 40c9767af3e87f2c36adf2f563f0a8374e80b30bd2b7aa80058c85912406cef4 containerd-1.5.9.tar.gz
> +sha256 6a289406c1c0583763e5a9754e31a1eced55cd5f162a7bc2a3a315d5eb05c7a1 containerd-1.5.11.tar.gz
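Review bot: the `+sha256` line for containerd-1.5.11.tar.gz sits under the "# Computed locally" comment with nothing to cross-check it against, so a reviewer cannot tell whether the value was taken from the same archive the download step will fetch. Recompute it from a fresh download of the tarball before applying, and consider extending the comment to record where the archive was fetched from, so that a later mismatch can be traced to its cause.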
I get a different hash for this download, both within buildroot as well
as downloading the file manually from github:
ERROR: containerd-1.5.11.tar.gz has wrong sha256 hash:
ERROR: expected:
6a289406c1c0583763e5a9754e31a1eced55cd5f162a7bc2a3a315d5eb05c7a1
ERROR: got :
02b79d5e2b07b5e64cd28f1fe84395ee11eef95fc49fd923a9ab93022b148be6
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Did the file change in the meantime or did something else go wrong here?
Should I send a patch changing the hash to
02b79d5e2b07b5e64cd28f1fe84395ee11eef95fc49fd923a9ab93022b148be6?
> [...]
Best,
Marcus