FEDORA-2023-ee472c698c — security update for stargz-snapshotter

stable

stargz-snapshotter-0.14.2-1.fc37

FEDORA-2023-ee472c698c created by ktock 2 weeks ago for Fedora 37

Release of stargz snapshotter v0.14.2 https://github.com/containerd/stargz-snapshotter/releases/tag/v0.14.2

This release uses containerd v1.7.0-rc.1 which contains the fix for GHSA-hmfx-3pcx-653p (CVE-2023-25173) and GHSA-259w-8hf6-59c2 (CVE-2023-25153). This release uses Go 1.20.1 which fixes CVE-2022-41717 .

auto bump to v0.14.1

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2023-ee472c698c

This update has been submitted for testing by ktock.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update has obsoleted stargz-snapshotter-0.14.1-1.fc37, and has inherited its bugs and notes.

2 weeks ago

This update has been pushed to testing.

2 weeks ago

This update has been submitted for stable by bodhi.

a week ago

This update has been pushed to stable.

a week ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

stargz-snapshotter-0.14.2-1.fc37

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

2 weeks ago

in testing

2 weeks ago

in stable

a week ago

approved

a week ago

BZ#2163292 CVE-2022-41717 stargz-snapshotter: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]

BZ#2174481 CVE-2023-25153 stargz-snapshotter: containerd: OCI image importer memory exhaustion [fedora-all]

BZ#2174540 stargz-snapshotter: containerd: Supplementary groups are not set up properly [fedora-all]

stargz-snapshotter-0.14.2-1.fc37

Automated Test Results

ignored