
Update runc to 6635b4f (CVE-2019-5736)#2997

Merged: estesp merged 1 commit into containerd:master from thaJeztah:bump_runc_cve_2019-5736 on Feb 11, 2019


Conversation

@thaJeztah
Member

Includes opencontainers/runc@6635b4f,
which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)

Full diff:

Includes opencontainers/runc@6635b4f,
which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah changed the title Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736) Update runc to 6635b4f (CVE-2019-5736) Feb 11, 2019
@thaJeztah
Member Author

Wasn't entirely sure if the x/sys bump was needed as well, so happy to remove that from this PR and move it to a separate one

@AkihiroSuda
Member

Flaky test?

-- FAIL: TestCheckpointRestoreNewContainer (5.59s)
    container_checkpoint_test.go:325: io.containerd.runc.v1: failed to listen to abstract unix socket "/containerd-shim/testing/TestCheckpointRestoreNewContainer/shim.sock": listen unix /containerd-shim/testing/TestCheckpointRestoreNewContainer/shim.sock: bind: address already in use
        : exit status 1: unknown

@thaJeztah
Member Author

I'll backport this to the release branches after this is merged

Member

@estesp estesp left a comment


LGTM

@codecov-io

codecov-io commented Feb 11, 2019

Codecov Report

Merging #2997 into master will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master    #2997   +/-   ##
=======================================
  Coverage   43.96%   43.96%           
=======================================
  Files         102      102           
  Lines       10881    10881           
=======================================
  Hits         4784     4784           
  Misses       5362     5362           
  Partials      735      735
Flag Coverage Δ
#linux 47.58% <ø> (ø) ⬆️
#windows 41.18% <ø> (ø) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b02ab6c...14eaad0. Read the comment docs.

@estesp estesp merged commit 521a44b into containerd:master Feb 11, 2019
@thaJeztah thaJeztah deleted the bump_runc_cve_2019-5736 branch February 11, 2019 15:38
@thaJeztah
Member Author

Opened backports for the release branches; I see the 1.0 release reached EOL, so I didn't backport to that branch, but let me know if we still want to backport there.
