Skip to content

update runc binary to v1.1.12#47268

Merged
thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah:bump_runc_binary_1.1.12
Jan 31, 2024
Merged

update runc binary to v1.1.12#47268
thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah:bump_runc_binary_1.1.12

Conversation

@thaJeztah
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah commented Jan 31, 2024

Update the runc binary that's used in CI and for the static packages, which includes a fix for CVE-2024-21626.

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
update runc binary to v1.1.12
44bf407 
Update the runc binary that's used in CI and for the static packages, which
includes a fix for [CVE-2024-21626].

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: opencontainers/runc@v1.1.11...v1.1.12

[CVE-2024-21626]: GHSA-xr7r-f8xq-vfvv

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 26.0.0 milestone Jan 31, 2024
@thaJeztah thaJeztah requested a review from tianon as a code owner January 31, 2024 20:09
laurazard
laurazard approved these changes Jan 31, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@laurazard laurazard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

This was referenced Jan 31, 2024
Merged
Merged
Merged
@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Jan 31, 2024

Failure is unrelated, and looks like we can ignore;

=== Failed
=== FAIL: amd64.integration.plugin.authz TestAuthZPluginV2Disable (8.97s)
    authz_plugin_v2_test.go:68: assertion failed: error is not nil: Error response from daemon: plugin "riyaz/authz-no-volume-plugin:latest" not found

@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Jan 31, 2024

Everything else is green; bringing this one in

@thaJeztah thaJeztah merged commit 7a920fd into moby:master Jan 31, 2024
@thaJeztah thaJeztah deleted the bump_runc_binary_1.1.12 branch January 31, 2024 21:50
@dmlause
Copy link
Copy Markdown

dmlause commented Jan 31, 2024
edited
Loading

@thaJeztah - Is this PR going to be backported to 20.10 as well?

@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Jan 31, 2024

20.10 is EOL, so no backport there, but if you're running docker from deb or rpm packages, the runc binary is part of the containerd.io package, which is currently being published, so you can update the containerd.io package, to get a patched version of runc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rumpl rumpl rumpl approved these changes

@vvoland vvoland vvoland approved these changes

@laurazard laurazard laurazard approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

Assignees

No one assigned

Labels

area/runtime Runtime impact/changelog status/4-merge

Projects

None yet

Milestone

26.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@thaJeztah @dmlause @rumpl @vvoland @laurazard