
[release/1.1] Update runc for CVE-2019-16884 #3688

Merged
dmcgowan merged 1 commit into containerd:release/1.1 from crosbymichael:runc-cve
Sep 26, 2019


@crosbymichael
Member

Signed-off-by: Michael Crosby [email protected]

Contributor

@jterry75 jterry75 left a comment


LGTM

Member

@dmcgowan dmcgowan left a comment


LGTM

@dmcgowan dmcgowan merged commit ed1b4ef into containerd:release/1.1 Sep 26, 2019
@crosbymichael crosbymichael deleted the runc-cve branch September 26, 2019 18:35
@kolyshkin
Contributor

@crosbymichael @dmcgowan Hmm, I see that files patched to fix the runc's CVE-2019-16884 (see opencontainers/runc#2129) are not in this commit (as they are not used by containerd and thus are discarded by vndr). It means this PR is shallow/useless by itself (aside from the fact that it brings some other updates to runc code, not related to the CVE). Or am I missing something? The only thing I can think of is someone copy-pasting the sha from vendor.conf to build runc binary...

@estesp
Member

estesp commented Oct 2, 2019

The last sentence is the winner :) It's a packaging detail, so that when we package containerd we are using the properly fixed version of runc:
https://github.com/containerd/containerd/blob/master/script/setup/install-runc#L24
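
The packaging detail discussed in this thread can be checked mechanically. The script below is an added example, not code from the containerd repository: it reads the runc revision pinned in a vndr-style `vendor.conf` and compares it with the commit a built runc reports in its `--version` output. The function names, file names and placeholder revisions are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a runc binary was built from the revision pinned in vendor.conf.
# Assumed vendor.conf line format: "<import path> <revision> [# comment or alternate repo]".

# Print the revision pinned for an import path; fail if the path is not listed.
pinned_rev() {  # $1 = vendor.conf path, $2 = import path
    awk -v pkg="$2" '$1 == pkg { print $2; found = 1; exit } END { exit !found }' "$1"
}

# Read "runc --version" output on stdin and print the value of its "commit:" line.
reported_commit() {
    sed -n 's/^commit:[[:space:]]*//p' | head -n 1
}

# Return 0 on an exact match, 1 on a mismatch, 2 when either value is missing.
check_runc_pin() {  # $1 = vendor.conf, $2 = file holding saved "runc --version" output
    want=$(pinned_rev "$1" github.com/opencontainers/runc) || return 2
    got=$(reported_commit < "$2")
    [ -n "$got" ] || return 2
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "runc built from $got, vendor.conf pins $want" >&2
    return 1
}

# Constructed sample data: placeholder revisions, not real runc commits.
demo=$(mktemp -d)
printf '%s\n' \
    '# constructed vendor.conf' \
    'github.com/opencontainers/runtime-spec 1111111111111111111111111111111111111111' \
    'github.com/opencontainers/runc 2222222222222222222222222222222222222222 # constructed pin' \
    > "$demo/vendor.conf"
printf 'runc version 0.0.0-example\ncommit: 2222222222222222222222222222222222222222\nspec: 0.0.0\n' \
    > "$demo/fixed.txt"
printf 'runc version 0.0.0-example\ncommit: 3333333333333333333333333333333333333333\nspec: 0.0.0\n' \
    > "$demo/stale.txt"
: > "$demo/empty.txt"

check_runc_pin "$demo/vendor.conf" "$demo/fixed.txt" && echo "fixed.txt: matches the pin"
check_runc_pin "$demo/vendor.conf" "$demo/stale.txt" || echo "stale.txt: does not match the pin"
```

On a real host, save the output of `runc --version` to a file and pass it as the second argument, with the `vendor.conf` of the containerd release being packaged as the first.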
