-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-7a0b6071a4 2020-10-17 14:24:06.576170 --------------------------------------------------------------------------------
Name : kata-runtime Product : Fedora 31 Version : 1.11.1 Release : 3.fc31 URL : https://github.com/kata-containers/runtime Summary : Kata runtime to run containers in virtual machines Description : Kata runtime to run containers in virtual machines
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Provides: bundled(golang(github.com/blang/semver)) Provides: bundled(golang(github.com/BurntSushi/toml)) Provides: bundled(golang(github.com/containerd/cgroups)) Provides: bundled(golang(github.com/containerd/containerd/api/events)) Provides: bundled(golang(github.com/containerd/containerd/api/types)) Provides: bundled(golang(github.com/containerd/containerd/api/types/task)) Provides: bundled(golang(github.com/containerd/containerd/errdefs)) Provides: bundled(golang(github.com/containerd/containerd/events)) Provides: bundled(golang(github.com/containerd/containerd/mount)) Provides: bundled(golang(github.com/containerd/containerd/namespaces)) Provides: bundled(golang(github.com/containerd/containerd/runtime)) Provides: bundled(golang(github.com/containerd/containerd/runtime/linux/runctypes)) Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/shim)) Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/task)) Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/annotations)) Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1)) Provides: bundled(golang(github.com/containerd/fifo)) Provides: bundled(golang(github.com/containerd/typeurl)) Provides: bundled(golang(github.com/containernetworking/plugins/pkg/ns)) Provides: bundled(golang(github.com/cri-o/cri-o/pkg/annotations)) Provides: bundled(golang(github.com/dlespiau/covertool/pkg/cover)) Provides: bundled(golang(github.com/docker/go-units)) Provides: bundled(golang(github.com/gogo/protobuf/proto)) Provides: bundled(golang(github.com/gogo/protobuf/types)) Provides: bundled(golang(github.com/go-ini/ini)) Provides: bundled(golang(github.com/go-openapi/errors)) Provides: bundled(golang(github.com/go-openapi/runtime)) Provides: bundled(golang(github.com/go-openapi/runtime/client)) Provides: bundled(golang(github.com/go-openapi/strfmt)) Provides: bundled(golang(github.com/go-openapi/swag)) Provides: bundled(golang(github.com/go-openapi/validate)) Provides: bundled(golang(github.com/hashicorp/go-multierror)) Provides: bundled(golang(github.com/intel/govmm/qemu)) Provides: bundled(golang(github.com/kata-containers/agent/pkg/types)) Provides: bundled(golang(github.com/kata-containers/agent/protocols/client)) Provides: bundled(golang(github.com/kata-containers/agent/protocols/grpc)) Provides: bundled(golang(github.com/mitchellh/mapstructure)) Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/configs)) Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/specconv)) Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/utils)) Provides: bundled(golang(github.com/opencontainers/runtime-spec/specs-go)) Provides: bundled(golang(github.com/opentracing/opentracing-go)) Provides: bundled(golang(github.com/opentracing/opentracing-go/log)) Provides: bundled(golang(github.com/pkg/errors)) Provides: bundled(golang(github.com/prometheus/procfs)) Provides: bundled(golang(github.com/safchain/ethtool)) Provides: bundled(golang(github.com/sirupsen/logrus)) Provides: bundled(golang(github.com/sirupsen/logrus/hooks/syslog)) Provides: bundled(golang(github.com/stretchr/testify/assert)) Provides: bundled(golang(github.com/uber/jaeger-client-go)) Provides: bundled(golang(github.com/uber/jaeger-client-go/config)) Provides: bundled(golang(github.com/urfave/cli)) Provides: bundled(golang(github.com/vishvananda/netlink)) Provides: bundled(golang(github.com/vishvananda/netns)) Provides: bundled(golang(golang.org/x/net/context)) Provides: bundled(golang(golang.org/x/sys/unix)) Provides: bundled(golang(google.golang.org/grpc)) Provides: bundled(golang(google.golang.org/grpc/codes)) Provides: bundled(golang(google.golang.org/grpc/status))
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2020-2026 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 9 2020 Fabiano Fid��ncio fidencio@redhat.com - 1.11.1-3 - Set kata-shim as recommended - Don't reenable SELinux support for CentOS * Thu Jul 30 2020 Fabiano Fid��ncio fidencio@redhat.com - 1.11.1-2 - Reenable SELinux as podman 2.0 is already out * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.11.1-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jun 26 2020 Pavel Mores pmores@redhat.com - 1.11.1-1 - Update to version 1.11.1 * Fri May 15 2020 Fabiano Fid��ncio fidencio@redhat.com - 1.11.0-3 - Use the right machine type according to the architecture - Removed non-used / non-tested configuration files - Use the right SharedFS type according ro the architecture * Wed May 13 2020 Cole Robinson crobinso@redhat.com - 1.11.0-2 - Disable selinux until new podman is available * Fri May 8 2020 Cole Robinson crobinso@redhat.com - 1.11.0-1 - Update to version 1.11.0 * Mon Apr 20 2020 Cole Robinson aintdiscole@gmail.com - 1.11.0-0.2.rc0 - Add libselinux-devel build dep * Mon Apr 20 2020 Cole Robinson aintdiscole@gmail.com - 1.11.0-0.1.rc0 - Update to 1.11.0-rc0 * Mon Mar 23 2020 Fabiano Fid��ncio fidencio@redhat.com - 1.11.0-0.alpha1 - Update to 1.11.0-alpha1 upstream release * Mon Feb 17 2020 Cole Robinson aintdiscole@gmail.com - 1.10.0-3 - Switch to virtio-fs default * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Jan 21 2020 Christophe de Dinechin dinechin@redhat.com - 1.10.0-1 - Update to release 1.10.0 Large number of changes * Fri Jan 17 2020 Christophe de Dinechin dinechin@redhat.com - 1.9.2-1 - Update to release 1.9.3 Include firecracker release v0.18.1 to address CVE-2019-18960 Several upstream bug fixes: 3d5e0db rootless: Disable vhost-net for rootless 71d6d22 release: Kata Containers 1.9.3 b7fa015 versions: bump fc version to v0.18.1 c46fdff virtcontainers: don't consider non-running container resources 2777cb2 virtcontainers: update resources after adding container to sandbox 9204973 virtcontainers/store: make VCStoreUUIDPath rootless c818711 vc: Don't adjust block index on error 10a977d vc: Persist file handle may leak in FS#ToDisk * Fri Jan 17 2020 Christophe de Dinechin dinechin@redhat.com - 1.9.2-1 - Update to release 1.9.2 - Fix rangeUID parsing - Fix cgroup creation logic for rootless * Fri Jan 17 2020 Christophe de Dinechin dinechin@redhat.com - 1.9.1-2 - Adjust paths to match fix in kata-osbuilder * Fri Nov 29 2019 Christophe de Dinechin dinechin@redhat.com - 1.9.1-1 - Update to release 1.9.1 * Tue Nov 19 2019 Christophe de Dinechin dinechin@redhat.com - 1.9.0-2 - Address rpmlint warning rpm-buildroot-usage -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1848300 - CVE-2020-2026 kata-runtime: kata-containers: Possibility to mount untrusted container filesystem on any host path leads to Remote Code Execution [fedora-31] https://bugzilla.redhat.com/show_bug.cgi?id=1848300 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-7a0b6071a4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------