Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade containerd to 1.2.14 #2854

Closed
gdemonet opened this issue Oct 14, 2020 · 3 comments
Closed

Upgrade containerd to 1.2.14 #2854

gdemonet opened this issue Oct 14, 2020 · 3 comments
Labels
kind:bug Something isn't working release:blocker An issue that blocks a release until resolved topic:build Anything related to building steps topic:security Security-related issues
Milestone
MetalK8s 2.5.2

Comments

@gdemonet
Copy link
Contributor

gdemonet commented Oct 14, 2020
edited
Loading

Component: containerd

Summary:

containerd 1.2 is affected by CVE-2020-15157, and a fix is expected to be released in version 1.2.14, planned for October 15th

We'll need to update our package once this version comes out, starting in MetalK8s 2.5.2 and higher.
Starting with MetalK8s 2.7, we should include containerd 1.4.x instead.
@gdemonet gdemonet added kind:bug Something isn't working topic:security Security-related issues topic:build Anything related to building steps release:blocker An issue that blocks a release until resolved labels Oct 14, 2020
@gdemonet gdemonet added this to the MetalK8s 2.6.0 milestone Oct 14, 2020
@NicolasT
Copy link
Contributor

Why only for 2.6? I'd put this in any version where we use a vulnerable version of containerd, even if we don't release such versions anymore, and rely on GitWaterflow.

Also, why not move to 1.4 in 2.6?

@gdemonet
Copy link
Contributor Author

Why only for 2.6? I'd put this in any version where we use a vulnerable version of containerd, even if we don't release such versions anymore, and rely on GitWaterflow.

Good point, so indeed will make sure to have this in the lowest version possible.

Also, why not move to 1.4 in 2.6?

Merely a timing issue: we plan on releasing 2.6 next week, not sure we can get 1.4 out by then, let alone have it sufficiently tested.

@gdemonet
Copy link
Contributor Author

Updated description of this issue to detail which versions to target.

gdemonet pushed a commit that referenced this issue Oct 16, 2020
@NicolasT @gdemonet
packages: import SRPM files of containerd-1.2.4-1.el7
83268bf 
Retrieved from EPEL.

See: https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/c/containerd-1.2.4-1.el7.src.rpm

Cherry-picked from 516191b
See: #2854
gdemonet pushed a commit that referenced this issue Oct 16, 2020
@NicolasT @gdemonet
build: build 'our' containerd RPM
a06b85a 
Cherry-picked from 9ae95c1
See: #2854
gdemonet pushed a commit that referenced this issue Oct 16, 2020
@NicolasT @gdemonet
packages: bump containerd to 1.2.13
05ff679 
Cherry-picked from f586940
See: #2854
gdemonet pushed a commit that referenced this issue Oct 16, 2020
@NicolasT @gdemonet
packages: enable seccomp in containerd
95cc73b 
Fixes: #2259
See: #2259

Cherry-picked from f1df9b5
See: #2854
gdemonet added a commit that referenced this issue Oct 16, 2020
@gdemonet
packages: bump containerd to 1.2.14
a60b873 
Fixes: #2854
@gdemonet gdemonet mentioned this issue Oct 16, 2020
Merged
@bert-e bert-e closed this as completed in 0902dbc Oct 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind:bug Something isn't working release:blocker An issue that blocks a release until resolved topic:build Anything related to building steps topic:security Security-related issues
Projects
None yet
Milestone
MetalK8s 2.5.2
Development

No branches or pull requests
2 participants
@NicolasT @gdemonet