Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.37] Fix CVE-2024-9407 and CVE-2024-9341 #5764

Merged
merged 2 commits into from
Oct 2, 2024
Merged

[release-1.37] Fix CVE-2024-9407 and CVE-2024-9341 #5764

merged 2 commits into from
Oct 2, 2024

Conversation

Luap99
Copy link
Member

@Luap99 Luap99 commented Oct 2, 2024

What type of PR is this?

/kind api-change

/kind bug

/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake
/kind other

What this PR does / why we need it:

Fix CVE-2024-9407 and CVE-2024-9341

How to verify it

Which issue(s) this PR fixes:

Fixes https://issues.redhat.com/browse/RHEL-61147
Fixes https://issues.redhat.com/browse/RHEL-61145

Fixes https://issues.redhat.com/browse/RHEL-61114
Fixes https://issues.redhat.com/browse/RHEL-61112

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fixed CVE-2024-9407 and CVE-2024-934

nalind and others added 2 commits October 2, 2024 10:54
@nalind @Luap99
CVE-2024-9407: validate "bind-propagation" flag settings
e289e28 
CVE-2024-9407: validate that the value for the "bind-propagation" flag
when handling "bind" and "cache" mounts in `buildah run` or in RUN
instructions is one of the values that we would accept without the
"bind-propagation=" prefix.

Paul: fix merged conflict in tests (cherry-picked from 732f770)

Fixes https://issues.redhat.com/browse/RHEL-61147
Fixes https://issues.redhat.com/browse/RHEL-61145

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@Luap99
vendor: update c/common to v0.60.4
b55cbb8 
Update c/common to fix CVE-2024-9341

Fixes CVE-2024-9341
Fixes https://issues.redhat.com/browse/RHEL-61114
Fixes https://issues.redhat.com/browse/RHEL-61112

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Oct 2, 2024
@Luap99
Copy link
Member Author

Luap99 commented Oct 2, 2024

@nalind @mheon PTAL
@nalind Are you going to tag a new release then as Tom is not available?

@mheon
Copy link
Member

mheon commented Oct 2, 2024

LGTM

@rhatdan
Copy link
Member

rhatdan commented Oct 2, 2024

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 2, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 2, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Oct 2, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit e4e2ad5 into containers:release-1.37 Oct 2, 2024
36 checks passed
@Luap99 Luap99 deleted the release-1.37 branch October 2, 2024 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rhatdan rhatdan

Labels
approved kind/bug Categorizes issue or PR as related to a bug. lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Luap99 @mheon @rhatdan @nalind