--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-7a0b6071a4
2020-10-17 14:24:06.576170
--------------------------------------------------------------------------------
Name : kata-runtime
Product : Fedora 31
Version : 1.11.1
Release : 3.fc31
URL :
https://github.com/kata-containers/runtime
Summary : Kata runtime to run containers in virtual machines
Description :
Kata runtime to run containers in virtual machines
Kata Containers is an open source project and community working to
build a standard implementation of lightweight Virtual Machines (VMs)
that feel and perform like containers, but provide the workload
isolation and security advantages of VMs.
Provides:
bundled(golang(github.com/blang/semver))
Provides:
bundled(golang(github.com/BurntSushi/toml))
Provides:
bundled(golang(github.com/containerd/cgroups))
Provides:
bundled(golang(github.com/containerd/containerd/api/events))
Provides:
bundled(golang(github.com/containerd/containerd/api/types))
Provides:
bundled(golang(github.com/containerd/containerd/api/types/task))
Provides:
bundled(golang(github.com/containerd/containerd/errdefs))
Provides:
bundled(golang(github.com/containerd/containerd/events))
Provides:
bundled(golang(github.com/containerd/containerd/mount))
Provides:
bundled(golang(github.com/containerd/containerd/namespaces))
Provides:
bundled(golang(github.com/containerd/containerd/runtime))
Provides:
bundled(golang(github.com/containerd/containerd/runtime/linux/runctypes))
Provides:
bundled(golang(github.com/containerd/containerd/runtime/v2/shim))
Provides:
bundled(golang(github.com/containerd/containerd/runtime/v2/task))
Provides:
bundled(golang(github.com/containerd/cri-containerd/pkg/annotations))
Provides:
bundled(golang(github.com/containerd/cri-containerd/pkg/api/runtimeoption...
Provides:
bundled(golang(github.com/containerd/fifo))
Provides:
bundled(golang(github.com/containerd/typeurl))
Provides:
bundled(golang(github.com/containernetworking/plugins/pkg/ns))
Provides:
bundled(golang(github.com/cri-o/cri-o/pkg/annotations))
Provides:
bundled(golang(github.com/dlespiau/covertool/pkg/cover))
Provides:
bundled(golang(github.com/docker/go-units))
Provides:
bundled(golang(github.com/gogo/protobuf/proto))
Provides:
bundled(golang(github.com/gogo/protobuf/types))
Provides:
bundled(golang(github.com/go-ini/ini))
Provides:
bundled(golang(github.com/go-openapi/errors))
Provides:
bundled(golang(github.com/go-openapi/runtime))
Provides:
bundled(golang(github.com/go-openapi/runtime/client))
Provides:
bundled(golang(github.com/go-openapi/strfmt))
Provides:
bundled(golang(github.com/go-openapi/swag))
Provides:
bundled(golang(github.com/go-openapi/validate))
Provides:
bundled(golang(github.com/hashicorp/go-multierror))
Provides:
bundled(golang(github.com/intel/govmm/qemu))
Provides:
bundled(golang(github.com/kata-containers/agent/pkg/types))
Provides:
bundled(golang(github.com/kata-containers/agent/protocols/client))
Provides:
bundled(golang(github.com/kata-containers/agent/protocols/grpc))
Provides:
bundled(golang(github.com/mitchellh/mapstructure))
Provides:
bundled(golang(github.com/opencontainers/runc/libcontainer/configs))
Provides:
bundled(golang(github.com/opencontainers/runc/libcontainer/specconv))
Provides:
bundled(golang(github.com/opencontainers/runc/libcontainer/utils))
Provides:
bundled(golang(github.com/opencontainers/runtime-spec/specs-go))
Provides:
bundled(golang(github.com/opentracing/opentracing-go))
Provides:
bundled(golang(github.com/opentracing/opentracing-go/log))
Provides:
bundled(golang(github.com/pkg/errors))
Provides:
bundled(golang(github.com/prometheus/procfs))
Provides:
bundled(golang(github.com/safchain/ethtool))
Provides:
bundled(golang(github.com/sirupsen/logrus))
Provides:
bundled(golang(github.com/sirupsen/logrus/hooks/syslog))
Provides:
bundled(golang(github.com/stretchr/testify/assert))
Provides:
bundled(golang(github.com/uber/jaeger-client-go))
Provides:
bundled(golang(github.com/uber/jaeger-client-go/config))
Provides:
bundled(golang(github.com/urfave/cli))
Provides:
bundled(golang(github.com/vishvananda/netlink))
Provides:
bundled(golang(github.com/vishvananda/netns))
Provides:
bundled(golang(golang.org/x/net/context))
Provides:
bundled(golang(golang.org/x/sys/unix))
Provides:
bundled(golang(google.golang.org/grpc))
Provides:
bundled(golang(google.golang.org/grpc/codes))
Provides:
bundled(golang(google.golang.org/grpc/status))
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-2026
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 9 2020 Fabiano Fid��ncio <fidencio(a)redhat.com> - 1.11.1-3
- Set kata-shim as recommended
- Don't reenable SELinux support for CentOS
* Thu Jul 30 2020 Fabiano Fid��ncio <fidencio(a)redhat.com> - 1.11.1-2
- Reenable SELinux as podman 2.0 is already out
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.11.1-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jun 26 2020 Pavel Mores <pmores(a)redhat.com> - 1.11.1-1
- Update to version 1.11.1
* Fri May 15 2020 Fabiano Fid��ncio <fidencio(a)redhat.com> - 1.11.0-3
- Use the right machine type according to the architecture
- Removed non-used / non-tested configuration files
- Use the right SharedFS type according ro the architecture
* Wed May 13 2020 Cole Robinson <crobinso(a)redhat.com> - 1.11.0-2
- Disable selinux until new podman is available
* Fri May 8 2020 Cole Robinson <crobinso(a)redhat.com> - 1.11.0-1
- Update to version 1.11.0
* Mon Apr 20 2020 Cole Robinson <aintdiscole(a)gmail.com> - 1.11.0-0.2.rc0
- Add libselinux-devel build dep
* Mon Apr 20 2020 Cole Robinson <aintdiscole(a)gmail.com> - 1.11.0-0.1.rc0
- Update to 1.11.0-rc0
* Mon Mar 23 2020 Fabiano Fid��ncio <fidencio(a)redhat.com> - 1.11.0-0.alpha1
- Update to 1.11.0-alpha1 upstream release
* Mon Feb 17 2020 Cole Robinson <aintdiscole(a)gmail.com> - 1.10.0-3
- Switch to virtio-fs default
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.10.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 21 2020 Christophe de Dinechin <dinechin(a)redhat.com> - 1.10.0-1
- Update to release 1.10.0
Large number of changes
* Fri Jan 17 2020 Christophe de Dinechin <dinechin(a)redhat.com> - 1.9.2-1
- Update to release 1.9.3
Include firecracker release v0.18.1 to address CVE-2019-18960
Several upstream bug fixes:
3d5e0db rootless: Disable vhost-net for rootless
71d6d22 release: Kata Containers 1.9.3
b7fa015 versions: bump fc version to v0.18.1
c46fdff virtcontainers: don't consider non-running container resources
2777cb2 virtcontainers: update resources after adding container to sandbox
9204973 virtcontainers/store: make VCStoreUUIDPath rootless
c818711 vc: Don't adjust block index on error
10a977d vc: Persist file handle may leak in FS#ToDisk
* Fri Jan 17 2020 Christophe de Dinechin <dinechin(a)redhat.com> - 1.9.2-1
- Update to release 1.9.2
- Fix rangeUID parsing
- Fix cgroup creation logic for rootless
* Fri Jan 17 2020 Christophe de Dinechin <dinechin(a)redhat.com> - 1.9.1-2
- Adjust paths to match fix in kata-osbuilder
* Fri Nov 29 2019 Christophe de Dinechin <dinechin(a)redhat.com> - 1.9.1-1
- Update to release 1.9.1
* Tue Nov 19 2019 Christophe de Dinechin <dinechin(a)redhat.com> - 1.9.0-2
- Address rpmlint warning rpm-buildroot-usage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848300 - CVE-2020-2026 kata-runtime: kata-containers: Possibility to mount
untrusted container filesystem on any host path leads to Remote Code Execution
[fedora-31]
https://bugzilla.redhat.com/show_bug.cgi?id=1848300
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7a0b6071a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------