Commit Graph

3933 Commits

Author SHA1 Message Date
CBL-Mariner-Bot b22d969705
[AUTO-CHERRYPICK] jx: Add patch to resolve CVE-2023-45288 - branch main (#10236)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-23 14:40:07 -04:00
CBL-Mariner-Bot f0722dfa7d
[AUTO-CHERRYPICK] openldap: Add patch to resolve CVE-2023-2953 - branch main (#10234)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-23 14:39:22 -04:00
CBL-Mariner-Bot 54b7e86fd1
[AUTO-CHERRYPICK] python3: CVE-2024-7592 (mariner 2) - branch main (#10223)
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-08-23 14:38:46 -04:00
CBL-Mariner-Bot a3fedc41d0
[AUTO-CHERRYPICK] Bump frr to 8.5.5 to fix CVE-2024-31950 & CVE-2024-31951 - branch main (#10214)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-23 11:37:02 -07:00
aadhar-agarwal f871a79a43
Add patch for CVE-2024-43168 in unbound (#10157) 2024-08-21 10:51:00 -07:00
AZaugg bb4e1dc006
Add new package: Mosh to spec-extended (#8976)
Signed-off-by: Chris Co <chrco@microsoft.com>
Co-authored-by: Chris Co <chrco@microsoft.com>
2024-08-20 21:12:32 -07:00
CBL-Mariner-Bot 1171ff9846
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-36901 CVE-2024-41007 CVE-2024-41009 CVE-2024-42225 CVE-2024-42229 CVE-2024-42224 CVE-2024-42223 CVE-2024-42157 CVE-2024-42161 CVE-2024-42154 CVE-2024-42244 CVE-2024-42153 CVE-2024-42236 CVE-2024-42232 CVE-2024-42247 CVE-2024-42152 (#10178) 2024-08-19 22:13:35 -07:00
CBL-Mariner-Bot f911450e0a
[AUTO-CHERRYPICK] Patch CVE-2024-7006 in libtiff - branch main (#10154)
Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-08-19 11:43:59 -07:00
CBL-Mariner-Bot f8d9c8fb33
[AUTO-CHERRYPICK] bind: upgrade version 9.16.48 -> 9.16.50 & patch CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076 - branch main (#10131)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-08-19 11:43:12 -07:00
CBL-Mariner-Bot f619b67495
[AUTO-CHERRYPICK] Patch cmake for CVE-2023-28320 - branch main (#10137)
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-08-19 11:43:03 -07:00
CBL-Mariner-Bot bf54124512
[AUTO-CHERRYPICK] Patch Busybox for CVE-2021-42380, CVE-2023-42363, CVE-2023-42364 & CVE-2023-42365 - branch main (#10130)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
2024-08-19 11:39:37 -07:00
CBL-Mariner-Bot a58b51846f
[AUTO-CHERRYPICK] qt5-qtbase: Add patch to resolve CVE-2024-39936. - branch main (#10129)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-19 11:39:02 -07:00
CBL-Mariner-Bot 063e609db9
[AUTO-CHERRYPICK] Fix for CVE 2024 25620 in cert-manager - branch main (#10127)
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-08-19 11:38:53 -07:00
CBL-Mariner-Bot 8380f30ee9
[AUTO-CHERRYPICK] Fix python-twisted CVEs CVE-2024-41671 and CVE-2024-41810 in 2.0 - branch main (#10122)
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
2024-08-19 11:38:40 -07:00
CBL-Mariner-Bot c595d61a5e
[AUTO-CHERRYPICK] Patch rust for CVE-2024-31852 and CVE-2024-32884 - branch main (#10126)
Co-authored-by: corvus-callidus <108946721+corvus-callidus@users.noreply.github.com>
2024-08-19 11:38:22 -07:00
CBL-Mariner-Bot 368eaf2803
[AUTO-CHERRYPICK] dhcp: Patch bundled bind for CVE-2024-1737 & CVE-2024-1975. - branch main (#10121)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-19 11:38:12 -07:00
CBL-Mariner-Bot a8025baebf
[AUTO-CHERRYPICK] protobuf: patch CVE-2022-1941 - branch main (#10018)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-08-19 11:37:15 -07:00
CBL-Mariner-Bot 76613af222
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.164.1 - branch fasttrack/2.0 - branch main (#10170) 2024-08-19 10:17:49 -07:00
CBL-Mariner-Bot 4c9a672bf4
[AUTOPATCHER-CORE] Upgrade postgresql to 14.13 CVE-2024-7348 (#10112) 2024-08-16 08:00:49 -07:00
CBL-Mariner-Bot 93ca32cc0d
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change (#10080) 2024-08-13 17:37:39 -07:00
Gary Swalling 9659612d39
Update kernel-mos to 5.15.164.1 (#10114) 2024-08-13 10:48:10 -07:00
Sumynwa 5b1646c8a3
libtiff: Add patch to resolve CVE-2023-6277 (#10048) 2024-08-13 10:55:54 +05:30
Bala 396b7c7113
Fix CVE-2024-6104 in influxdb by patching vendor package source (#9987) 2024-08-12 16:12:11 +05:30
Bala 0dc23ab2f5
Fix CVE-2024-6104 in keda by patching vendor gomodule (#9990) 2024-08-12 16:11:38 +05:30
Bala 60d4679885
Fix CVE-2024-6104 in cert-manager by patching vendor package sources (#9981) 2024-08-12 16:11:12 +05:30
Bala 2469e3fe7f
Fix CVE-2024-6104 in cri-o by patching vendor package source (#9986) 2024-08-12 16:10:37 +05:30
Bala 9b3f2cc063
Fix CVE-2024-6104 in rook by patching vendor gomodule (#9993) 2024-08-12 16:09:49 +05:30
Bala eb5dffcf4f
Fix CVE-2024-6104 in Prometheus by patching vendor gomodule (#9992) 2024-08-12 16:09:31 +05:30
Bala 5512944fc6
Fix CVE-2024-6104 in Packer by patching vendor gomodule (#9991) 2024-08-12 16:08:33 +05:30
CBL-Mariner-Bot 4308a0c426
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-52340, CVE-2024-26900, CVE-2022-48788, CVE-2022-48841, CVE-2024-39473, CVE-2024-39474, CVE-2024-39483, CVE-2024-39485, CVE-2024-42071, CVE-2024-42072, CVE-2024-42073, CVE-2024-42074, CVE-2024-42075, CVE-2024-42078, CVE-2024-42083, CVE-2024-42237 (#9822) 2024-08-09 13:46:15 -07:00
Ksenija Stanojevic ded22fb0a6
feat(cloud-init): add support for azure-proxy-agent (#9878)
Adds preliminary support for azure-proxy-agent into cloud-init. This is opt-in only with fallbacks if the command isn't available.
2024-08-07 19:29:48 -07:00
Christopher Co 298bda4a7d
fix: correct moby-engine cherry-pick to keep consistency (#10028)
Cherry-pick of CVE-2024-41110 from fast-track branch to main branch was malformed. Correct the inconsistency by keeping "-7" release version as the CVE fix since this is what is published via fast-track, and then update #9877 to be "-8" release, which will be built and published at next opportunity.

fixes: #9966 : "[AUTO-CHERRYPICK] fix CVE-2024-41110 in moby-engine - branch main"

Signed-off-by: Chris Co <chrco@microsoft.com>
2024-08-06 19:58:41 -07:00
Archana Choudhary 1dcd90c10e
azcopy: upgrade version to 10.25.1 to fix CVE-2024-35255 (#9581) 2024-08-06 16:29:43 +05:30
CBL-Mariner-Bot dc4b0b34f9
[AUTO-CHERRYPICK] libcontainers-common: patch CVE-2021-43565 - branch main (#9975)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-08-01 14:12:47 +05:30
Christopher Co 58612dbbef
Patch waagent.conf to add firewall rules (#8335)
Add EnableFirewall flag to waagent.conf to protect access to Azure host node services
2024-07-30 09:52:42 -07:00
Rohit Rawat 788cd8f52d
Python3 patch CVE-2024-0397 (#9970) 2024-07-30 07:39:55 -04:00
CBL-Mariner-Bot 2cfea6b9b0
[AUTO-CHERRYPICK] Add Patch in terraform for CVE-2024-6257. - branch main (#9954)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-29 23:49:01 -04:00
CBL-Mariner-Bot ca07e1bb16
[AUTO-CHERRYPICK] libcontainers-common: introduce patch to address CVE-2024-37298 - branch main (#9948)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-29 23:46:55 -04:00
CBL-Mariner-Bot d27fb3931a
[AUTO-CHERRYPICK] Upgrade default golang to 1.22.5 and backport the fix for 1.18 - branch main (#9968)
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
2024-07-29 23:36:30 -04:00
CBL-Mariner-Bot 21b41f2cce
[AUTO-CHERRYPICK] gh: patch CVE-2021-43565 - branch main (#9969)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-29 23:35:55 -04:00
CBL-Mariner-Bot a7c7a36624
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade python-idna to 3.7 CVE-2024-3651 - branch main (#9930) 2024-07-29 23:10:48 -04:00
CBL-Mariner-Bot cf3bd41771
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.62 to address CVE-2024-40725 - branch main (#9928)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-29 23:09:48 -04:00
Sumynwa 8db67c1a19
terraform: Patch CVE-2024-6104 for bundled hashicorp/go-retryablehttp. (#9959) 2024-07-29 22:25:09 -04:00
CBL-Mariner-Bot a80826bba9
[AUTO-CHERRYPICK] Bug fix in patch CVE-2024-5535 in openssl - branch main (#9961)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-29 22:24:08 -04:00
CBL-Mariner-Bot 37ec872227
[AUTO-CHERRYPICK] fix CVE-2024-41110 in moby-engine - branch main (#9966)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2024-07-29 22:23:04 -04:00
CBL-Mariner-Bot 3328395785
[AUTO-CHERRYPICK] Patch for gtk2 and gtk3 CVE-2024-6655 - branch main (#9967)
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-07-29 22:21:56 -04:00
CBL-Mariner-Bot 84853ebbda
Prepare August 2024 Update (#9940) 2024-07-28 08:34:16 -04:00
Rachel Menge b9c5a1a214
Address kernel CVE-2024-36288, CVE-2024-38662, CVE-2024-38780, CVE-2024-39277, CVE-2024-39292 (#9612) 2024-07-26 16:14:37 -07:00
sindhu-karri d5117e2764
Fix CVE-2024-6104 in skopeo (#9859) 2024-07-26 10:53:48 +05:30
sindhu-karri dd995b7be9
Fix CVE-2024-6345 in python3 (#9904) 2024-07-26 10:53:15 +05:30
Muhammad Falak R Wani a76c83ad92
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 (#9832)
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:14:11 +05:30
CBL-Mariner-Bot e5afaac73c
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 (#9921)
Co-authored-by: Adit Jha <aditjha@microsoft.com>
2024-07-25 17:16:18 -07:00
CBL-Mariner-Bot acf2b37976
[AUTO-CHERRYPICK] cf-cli: patch CVE-2021-43565 - branch main (#9902)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:43:37 -07:00
CBL-Mariner-Bot f684f328c3
[AUTO-CHERRYPICK] Reverted `packer` to version 1.9.5 and patched its CVEs. - branch main (#9854)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:41:35 -07:00
CBL-Mariner-Bot 42df5d19ef
[AUTO-CHERRYPICK] Patch moby-buildx CVES CVE-2021-43565 CVE-2022-28948 CVE-2022-41723 - branch main (#9891)
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:37:35 -07:00
CBL-Mariner-Bot f9abe2539f
[AUTO-CHERRYPICK] cri-o: patch CVE-2021-43565 - branch main (#9901)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-25 19:01:19 -04:00
CBL-Mariner-Bot f5e5df1bcf
[AUTO-CHERRYPICK] rapidjson: fix CVE-2024-38517 and CVE-2024-39684 - branch main (#9897)
Co-authored-by: xiaohong <Xiaohong-Deng@users.noreply.github.com>
2024-07-25 19:00:36 -04:00
CBL-Mariner-Bot 2dd276939a
[AUTO-CHERRYPICK] ceph: Fix high CVE-2024-38517 and CVE-2024-39684 - branch main (#9858)
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
2024-07-25 18:57:09 -04:00
CBL-Mariner-Bot d86b17bc05
[AUTO-CHERRYPICK] Patch tpm2-tools for CVE-2024-29038 & CVE-2024-29039. - branch main (#9825)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:55 -04:00
CBL-Mariner-Bot 57506f34f3
[AUTO-CHERRYPICK] telegraf: Add patch for CVE-2024-37298 - branch main (#9823)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:12 -04:00
CBL-Mariner-Bot 970da2d51e
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.61 to fix CVE-2024-38473 - branch main (#9819)
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-07-25 15:52:46 -07:00
CBL-Mariner-Bot 35e1eed14f
[AUTO-CHERRYPICK] Patched CVE-2024-37890, CVE-2023-42282, and CVE-2017-18214 in `reaper`. - branch main (#9807)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-07-25 18:51:17 -04:00
CBL-Mariner-Bot 055ff1c664
[AUTO-CHERRYPICK] libmemcached-awesome: Upgrading version to 1.1.4 to address CVE-2023-27478 - branch main (#9805)
Co-authored-by: sharath-srikanth-chellappa <115591284+sharath-srikanth-chellappa@users.noreply.github.com>
2024-07-25 18:50:31 -04:00
CBL-Mariner-Bot 5e921ee588
[AUTO-CHERRYPICK] Patch CVE-2024-5535 in openssl - branch main (#9905) 2024-07-25 20:34:06 +05:30
chalamalasetty 8fbdbff440
Upgrade kernel-mos version to 5.15.161.1 (#9923) 2024-07-24 23:16:03 -07:00
Tobias Brick 297b90e3d0
fix intermittent openssl FIPS selftest failures in jitterentropy (#9890) 2024-07-23 12:58:32 -07:00
Muhammad Falak R Wani e44fb2e860
golang: drop golang-1.17 (#9877)
None of the packages have a dependency on golang-1.17.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-23 21:55:21 +05:30
CBL-Mariner-Bot 8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main (#9867) 2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot 85ffff0104
[AUTO-CHERRYPICK] cloud-hypervisor-cvm: update to 38.0.72.2 - branch main (#9806)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-17 12:13:04 -07:00
Henry Beberman af186a1119
moby-engine: remove daemon.json with backported fix (#9551) 2024-07-16 10:10:53 -07:00
ms-mahuber a455a7e6b3
kata-cc: Fix make clean call in UVM build (#9837)
During UVM build, the default OS' clean target is executed - which is Ubuntu.
Change make clean call to clean up the artifacts for the cbl-mariner distro: rm -rf /opt/kata-containers/uvm/tools/osbuilder/.ubuntu_rootfs.done /opt/kata-containers/uvm/tools/osbuilder/ubuntu_rootfs
2024-07-15 17:43:39 -07:00
ms-mahuber a9004163a1
kata-containers-cc: Adapt tarfs make install trgt (#9829)
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2024-07-15 13:01:40 -07:00
CBL-Mariner-Bot 77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main (#9834) 2024-07-15 10:46:55 -07:00
Archana Choudhary 3e14b7eeed
hvloader: add patch for CVE-2023-0464 (#9443) 2024-07-12 15:22:15 +05:30
Pawel Winogrodzki cd7cf078f1
Patched CVE-2023-26253 in `glusterfs`. (CP: #9717) (#9719) 2024-07-10 10:55:16 -07:00
Muhammad Falak R Wani 4fa1760cc4
msft-golang: upgrade 1.22.4 -> 1.22.5 to address CVE-2024-24790 & CVE-2024-24791 (#9579)
Changelog: https://go.dev/doc/devel/release#go1.22.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-09 00:38:46 +05:30
sharath-srikanth-chellappa 5669eeb9ba
emacs: Upgrading emacs version to 29.4 to address CVE-2024-39331 (#9709)
Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
2024-07-08 10:40:12 -07:00
Dan Streetman 350616f115
Update shim-unsigned-x64 to 15.8 and updates signed shim (#7893)
Updates the unsigned shim for x64 to 15.8 and includes new signing certificate
Also updates the signed version of this shim

Co-authored-by: Chris Co <chrco@microsoft.com>
2024-07-04 17:17:35 -07:00
Rachel Menge 3595f2a878
Address Kernel CVE-2021-3847, CVE-2024-26913, CVE-2024-26933, CVE-2024-26978, CVE-2024-36477, CVE-2024-36481, CVE-2024-38664, CVE-2024-39291 (#9571) 2024-07-04 17:15:48 -07:00
CBL-Mariner-Bot 0ac28edc5d
[AUTO-CHERRYPICK] openssh: fix "regresshion" CVE, CVE-2024-6387, with patch from debian. - branch main (#9565)
Co-authored-by: SeanDougherty <sdougherty@microsoft.com>
2024-07-03 10:41:01 -07:00
CBL-Mariner-Bot fd9ff7f98c
[AUTO-CHERRYPICK] Patch openssh to fix CVE-2023-28531 - branch main (#9519)
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
2024-06-27 14:34:19 -07:00
CBL-Mariner-Bot 623d203905
[AUTO-CHERRYPICK] Fix guava CVE-2023-2976 - branch main (#9526)
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
2024-06-27 14:34:05 -07:00
CBL-Mariner-Bot ff8289a113
[AUTO-CHERRYPICK] Patch CVE-2023-52890 in ntfs-3g - branch main (#9520)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
2024-06-27 14:31:15 -07:00
CBL-Mariner-Bot 2606e07373
[AUTO-CHERRYPICK] Fix CVE-2024-3727 in cri-o by patching vendored github.com/containers/image - branch main (#9488)
Co-authored-by: Paco Huelsz <frhuelsz@microsoft.com>
2024-06-26 13:31:42 -07:00
CBL-Mariner-Bot 82e82e134c
[AUTO-CHERRYPICK] wget: patch CVE-2024-38428 - branch main (#9487)
Co-authored-by: Saul Paredes <30801614+Redent0r@users.noreply.github.com>
2024-06-26 10:40:33 -07:00
CBL-Mariner-Bot c89dbfa1a2
[AUTO-CHERRYPICK] R: patch CVE-2024-27322 - branch main (#9486)
Co-authored-by: Saul Paredes <30801614+Redent0r@users.noreply.github.com>
2024-06-26 10:40:27 -07:00
CBL-Mariner-Bot c7a0e96884
[AUTO-CHERRYPICK] php: update to 8.1.29 to fix CVEs - branch main (#9393)
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
2024-06-26 10:40:22 -07:00
CBL-Mariner-Bot 84edf52699
[AUTO-CHERRYPICK] Update conntrack-tools and dependency - branch main (#9398)
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2024-06-26 10:40:18 -07:00
CBL-Mariner-Bot 9d8cb0c6de
[AUTO-CHERRYPICK] vte291: patch CVE-2024-37535 - branch main (#9484)
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
2024-06-26 10:40:13 -07:00
CBL-Mariner-Bot 4c110ece4e
[AUTO-CHERRYPICK] Patch CVE-2024-5564 in libndp - branch main (#9485)
Co-authored-by: Nick Samson <nick.samson@microsoft.com>
2024-06-26 10:40:06 -07:00
CBL-Mariner-Bot f374bf96c9
[AUTO-CHERRYPICK] Fix CVE-2024-3727 in skopeo - branch main (#9489)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-06-26 10:39:55 -07:00
Sumynwa b4644287d3
Upgrade vitess to v17.0.7 to fix CVE-2024-32886 (#9374) 2024-06-26 16:25:31 +05:30
CBL-Mariner-Bot e5d9cb6d2d
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.160.1 - branch main (#9362)
This upgrade also contains ccf143f "Revert netfilter: br_netfilter: skip conntrack input hook for promisc packets" to unblock hairpin functionality.
2024-06-25 17:07:38 -07:00
CBL-Mariner-Bot be0256e50c
Bump release for July 2024 Update (#9505) 2024-06-25 16:47:52 -04:00
jslobodzian c02863076b
Remove isorelax project from 2.0 Extended (#9503) 2024-06-25 16:34:41 -04:00
Rachel Menge 20b638e307
Address kernel CVE-2022-48670, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-36023, CVE-2024-36897, CVE-2024-36902, CVE-2024-36938, CVE-2024-36971 (#9474) 2024-06-25 09:20:09 -07:00
CBL-Mariner-Bot 00e57e32d2
[AUTOPATCHER-CORE] Upgrade python-urllib3 to 1.26.19 patch CVE-2024-37891 (#9458) 2024-06-24 16:43:49 -07:00
Muhammad Falak R Wani 8e8032e9c4
msft-golang: upgrade version 1.22.3 -> 1.22.4 to address CVE-2024-24790 (#9352)
Changelog: https://go.dev/doc/devel/release#go1.22.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-24 10:24:25 +05:30
CBL-Mariner-Bot da61f9c8be
[AUTOPATCHER-CORE] Upgrade dhcp to 4.4.3-P1 CVE-2022-2928, CVE-2022-2929 (#9436)
Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
2024-06-19 14:01:43 -07:00
Archana Choudhary 6a2491bb28
mysql: upgrade to 8.0.36 to fix 10 CVEs (#9428) 2024-06-19 12:27:08 +05:30
Saul Paredes e690393bf0
telegraf: patch CVE-2024-35255 (#9426) 2024-06-18 16:54:20 -07:00
Saul Paredes 654e5b3aad
yasm: patch CVE-2021-33454 (#9433) 2024-06-18 16:54:08 -07:00
Nick Samson e3c025c81b
nodejs18: upgrade nodejs18 to 18.20.3 to fix CVE-2024-28863 (#9372)
Co-authored-by: Nick Samson <nisamson@microsoft.com>
2024-06-18 13:27:56 -07:00
suresh-thelkar 2ab7702b23
Patch CVE-2024-5742 in nano (#9404) 2024-06-18 09:41:19 +05:30
bfjelds 30f1ce2f3a
Address CVE-2024-3727 by patching vendored github.com/containers/image (#9343) 2024-06-13 12:09:22 -07:00
Nan Liu ddbdd8987b
libarchive: add patch to resolve CVE-2024-26256 (#9340) 2024-06-13 09:02:08 -07:00
Archana Choudhary 610f91c953
hvloader: add patch to resolve CVE-2024-1298 (#9337) 2024-06-11 23:44:08 +05:30
Archana Choudhary 65cae39c11
edk2: add patch for CVE-2024-1298 (#9335) 2024-06-11 23:32:29 +05:30
CBL-Mariner-Bot 6af9f3d10a
[AUTOPATCHER-CORE] Upgrade libpng to 1.6.39 Fix CVE-2022-3857 (#9317)
Co-authored-by: Mandeep Plaha <mandeepplaha@microsoft.com>
2024-06-10 13:31:46 -07:00
Muhammad Falak R Wani c16735c961
golang: update 1.21.6 -> 1.21.11 to address CVE-2024-24790 (#9097)
Changelog: https://go.dev/doc/devel/release#go1.21.minor
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-10 12:37:44 +05:30
Bala 9322acd7b2
Fix CVE-2024-3154 in package cri-o (#9284) 2024-06-07 16:32:27 -07:00
Tobias Brick 8ff27fc0fb
Upgrade azl-compliance to version 1.0.2 (#9348)
Upgrade azl-compliance to latest version, to move us closer to FedRAMP compliance for AZL on AKS.
2024-06-07 15:56:44 -07:00
Gary Swalling 487653257d
Update kernel-mos to 5.15.158.2 (#9356) 2024-06-07 15:31:03 -07:00
J Camposeco 44f82e45f6
python-cryptography: Update OpenSSL version to fix CVE-2023-50782 (#9359)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-06-07 15:20:56 -07:00
CBL-Mariner-Bot e2c8d9e5da
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-cryptography - branch main (#9318)
Co-authored-by: J Camposeco <108859819+jcamposeco@users.noreply.github.com>
Co-authored-by: Juan Camposeco <juanarturoc@microsoft.com>
2024-06-07 14:54:22 -07:00
CBL-Mariner-Bot 3a89a883d2
[AUTO-CHERRYPICK] Upgrade openvswitch to 2.17.9 to fix CVE-2023-5366 and CVE-2023-3966 - branch main (#9301)
Co-authored-by: Bala <kumaran.4353@gmail.com>
2024-06-07 14:41:53 -07:00
Rachel Menge 7b83725990
Upgrade kernel to 5.15.158.2 (#9358)
5.15.157.1 introduced a failure with network hairpinning on AKS. Upgrade to 5.15.158.2 which has the commit [dceb683] reverted.
2024-06-07 14:34:36 -07:00
sindhu-karri 6b57d92440
Fix Fluent-bit issues #8198 and #8025 (#9121)
Fixes https://microsoft.visualstudio.com/OS/_workitems/edit/50531424
2024-06-07 02:09:50 +05:30
CBL-Mariner-Bot 0d51af78bb
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedded xalan jar from 2.7.2 to 2.7.3 (fasttrrack/2.0) - branch main (#9308)
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-06-06 11:28:44 -07:00
Saul Paredes 4e90dd61c1
kata(-cc): upgrade to LSG release v2405.9.2 (#9261)
Co-authored-by: Dallas Delaney <dadelan@microsoft.com>
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2024-06-05 12:40:57 -07:00
CBL-Mariner-Bot 7763977729
[AUTO-CHERRYPICK] Patch dhcp for CVE-2023-2828 - branch main (#9306)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-06-05 11:58:19 +05:30
CBL-Mariner-Bot ec2c66e0fa
[AUTO-CHERRYPICK] Patch apparmor for CVE-2024-31755 - branch main (#9302)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-06-05 11:57:29 +05:30
CBL-Mariner-Bot ff0a669b98
[AUTO-CHERRYPICK] hvloader: address openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) - branch main (#9303)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-06-05 11:05:59 +05:30
CBL-Mariner-Bot 5f33b4845c
[AUTO-CHERRYPICK] reaper: address CVE-2024-4068 - branch main (#9298)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-06-05 11:05:47 +05:30
CBL-Mariner-Bot d03e5fd81f
[AUTO-CHERRYPICK] Fix fluent-bit CVE-2024-34250 with a patch - branch main (#9293)
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
2024-06-05 10:23:17 +05:30
Tobias Brick 3eef9c87e1
openssl: only free buffers when done (#9309) 2024-06-04 15:21:33 -07:00
jslobodzian 4246a18833
Revert "Fixed Perl automatic requires and provides. (#9226)"
This reverts commit 6b8eb01bf0.
2024-06-04 00:09:50 -04:00
jslobodzian ed62ba9d97
Revert "Enable KNI module in DPDK build (#9246)"
This reverts commit 84f1470398.
2024-06-04 00:08:36 -04:00
Mitch Zhu a264db1f75
Patch moby-engine to address CVE-2023-44487 (#9276) 2024-06-03 10:52:43 -07:00
Lanze Liu a6539502f3
python-requests: patch CVE-2024-35195. (#9238)
Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
2024-06-03 09:17:01 -07:00
Minghe Ren 513297d3dc
upgrade rubygem-rexml to 3.2.7 to resolve CVE-2024-35176 (#9282)
Co-authored-by: minghe <rmhsawyer>
2024-05-31 17:03:13 -07:00
Minghe Ren 6e4ebc6899
update and correct ruby CVE-2024035176.patch (#9280)
Co-authored-by: minghe <rmhsawyer>
2024-05-31 16:28:37 -07:00
Rachel Menge db8f0137f6
Address kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008 (#9270)
Address CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008
2024-05-31 10:21:15 -07:00
Mykhailo Bykhovtsev ebc77031e5
Patch CVE-2024-26147 for cert-manager (#9268) 2024-05-30 18:57:31 -07:00
Minghe Ren 47df6748d9
add patch for ruby CVE-2024-35176 (#9267)
Co-authored-by: minghe <rmhsawyer>
Co-authored-by: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
2024-05-30 17:49:12 -07:00
Dinesh Kumar Ramasamy 84f1470398
Enable KNI module in DPDK build (#9246) 2024-05-30 08:33:04 -07:00
Mitch Zhu 3304dc254a
Patch nodejs18 to address CVE-2023-21100 (#9250) 2024-05-29 14:58:04 -07:00
Rachel Menge 07800afe35
Address hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008 (#9216)
Address CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008
2024-05-29 14:32:23 -07:00
CBL-Mariner-Bot f0b8294283
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.159.1 - branch main (#9187) 2024-05-29 14:31:46 -07:00
Minghe Ren 222de009ea
add patch for rubygem-rexml CVE-2024-35176 (#9242)
Co-authored-by: minghe <rmhsawyer>
2024-05-29 14:11:36 -07:00
corvus-callidus fea7c96a84
moby-compose: Fix CVE-2024-24786, CVE-2024-23650, CVE-2023-2253 (#9239) 2024-05-28 17:05:34 -07:00
CBL-Mariner-Bot ac45317296
[AUTO-CHERRYPICK] graphviz: address CVE-2023-46045 & CVE-2020-18032 - branch main (#9129)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-05-28 15:01:40 -07:00
CBL-Mariner-Bot e86c9c1d13
[AUTO-CHERRYPICK] pytorch: Add patch for CVE-2024-27318 - branch main (#9130)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-05-28 15:01:09 -07:00
CBL-Mariner-Bot f344024065
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade fluent-bit to 2.2.3 to fix CVE-2024-4323 - branch main (#9237) 2024-05-28 15:00:50 -07:00
Henry Li dc5da04c2b
[2.0] Resolve telegraf CVE-2024-27289 (#9235)
Co-authored-by: Henry Li <lihl@microsoft.com>
2024-05-28 12:41:26 -07:00
Henry Li c5d244ff28
[2.0] Upgrade cri-o to v1.22.3 to resolve regressed CVE-2022-0811 (#9191)
Co-authored-by: Henry Li <lihl@microsoft.com>
2024-05-28 12:41:17 -07:00
Tobias Brick a7e75e15aa
add azl-compliance package (#9213)
Adds the azl-compliance package to our distro. This will be used to harden images for FIPS and FedRAMP.
2024-05-28 11:35:53 -07:00
CBL-Mariner-Bot 4c410bbcd1
[AUTO-CHERRYPICK] python-werkzeug: Patch CVE-2024-34069 - branch main (#9118)
Co-authored-by: Jonathan Behrens <jbehrens@microsoft.com>
2024-05-28 09:57:50 -07:00
J Camposeco 14d8692ef9
libvirt: Patch for CVE-2024-4418 (#9197) 2024-05-28 09:08:43 -07:00
Lanze Liu 4b86ac16fd
cups: patch CVE-2022-26691. (#9168)
Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
2024-05-28 09:01:28 -07:00