stable

stargz-snapshotter-0.14.2-1.fc37

FEDORA-2023-ee472c698c created by ktock 7 months ago for Fedora 37

Release of stargz snapshotter v0.14.2 https://github.com/containerd/stargz-snapshotter/releases/tag/v0.14.2

This release uses containerd v1.7.0-rc.1 which contains the fix for GHSA-hmfx-3pcx-653p (CVE-2023-25173) and GHSA-259w-8hf6-59c2 (CVE-2023-25153). This release uses Go 1.20.1 which fixes CVE-2022-41717 .


auto bump to v0.14.1

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-ee472c698c

This update has been submitted for testing by ktock.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update has obsoleted stargz-snapshotter-0.14.1-1.fc37, and has inherited its bugs and notes.

7 months ago

This update has been pushed to testing.

7 months ago

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
7 months ago
in testing
7 months ago
in stable
7 months ago
approved
7 months ago
BZ#2163292 CVE-2022-41717 stargz-snapshotter: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]
0
0
BZ#2174481 CVE-2023-25153 stargz-snapshotter: containerd: OCI image importer memory exhaustion [fedora-all]
0
0
BZ#2174540 stargz-snapshotter: containerd: Supplementary groups are not set up properly [fedora-all]
0
0

Automated Test Results