CBL-Mariner-Bot
d27fb3931a
[AUTO-CHERRYPICK] Upgrade default golang to 1.22.5 and backport the fix for 1.18 - branch main ( #9968 )
...
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
2024-07-29 23:36:30 -04:00
CBL-Mariner-Bot
21b41f2cce
[AUTO-CHERRYPICK] gh: patch CVE-2021-43565 - branch main ( #9969 )
...
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-29 23:35:55 -04:00
CBL-Mariner-Bot
a7c7a36624
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade python-idna to 3.7 CVE-2024-3651 - branch main ( #9930 )
2024-07-29 23:10:48 -04:00
CBL-Mariner-Bot
cf3bd41771
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.62 to address CVE-2024-40725 - branch main ( #9928 )
...
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-29 23:09:48 -04:00
Sumynwa
8db67c1a19
terraform: Patch CVE-2024-6104 for bundled hashicorp/go-retryablehttp. ( #9959 )
2024-07-29 22:25:09 -04:00
CBL-Mariner-Bot
a80826bba9
[AUTO-CHERRYPICK] Bug fix in patch CVE-2024-5535 in openssl - branch main ( #9961 )
...
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-29 22:24:08 -04:00
CBL-Mariner-Bot
37ec872227
[AUTO-CHERRYPICK] fix CVE-2024-41110 in moby-engine - branch main ( #9966 )
...
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2024-07-29 22:23:04 -04:00
CBL-Mariner-Bot
3328395785
[AUTO-CHERRYPICK] Patch for gtk2 and gtk3 CVE-2024-6655 - branch main ( #9967 )
...
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-07-29 22:21:56 -04:00
CBL-Mariner-Bot
84853ebbda
Prepare August 2024 Update ( #9940 )
2024-07-28 08:34:16 -04:00
Rachel Menge
b9c5a1a214
Address kernel CVE-2024-36288, CVE-2024-38662, CVE-2024-38780, CVE-2024-39277, CVE-2024-39292 ( #9612 )
2024-07-26 16:14:37 -07:00
sindhu-karri
d5117e2764
Fix CVE-2024-6104 in skopeo ( #9859 )
2024-07-26 10:53:48 +05:30
sindhu-karri
dd995b7be9
Fix CVE-2024-6345 in python3 ( #9904 )
2024-07-26 10:53:15 +05:30
Muhammad Falak R Wani
a76c83ad92
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 ( #9832 )
...
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:14:11 +05:30
CBL-Mariner-Bot
e5afaac73c
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 ( #9921 )
...
Co-authored-by: Adit Jha <aditjha@microsoft.com>
2024-07-25 17:16:18 -07:00
CBL-Mariner-Bot
acf2b37976
[AUTO-CHERRYPICK] cf-cli: patch CVE-2021-43565 - branch main ( #9902 )
...
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:43:37 -07:00
CBL-Mariner-Bot
f684f328c3
[AUTO-CHERRYPICK] Reverted `packer` to version 1.9.5 and patched its CVEs. - branch main ( #9854 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:41:35 -07:00
CBL-Mariner-Bot
42df5d19ef
[AUTO-CHERRYPICK] Patch moby-buildx CVES CVE-2021-43565 CVE-2022-28948 CVE-2022-41723 - branch main ( #9891 )
...
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:37:35 -07:00
CBL-Mariner-Bot
f9abe2539f
[AUTO-CHERRYPICK] cri-o: patch CVE-2021-43565 - branch main ( #9901 )
...
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-25 19:01:19 -04:00
CBL-Mariner-Bot
f5e5df1bcf
[AUTO-CHERRYPICK] rapidjson: fix CVE-2024-38517 and CVE-2024-39684 - branch main ( #9897 )
...
Co-authored-by: xiaohong <Xiaohong-Deng@users.noreply.github.com>
2024-07-25 19:00:36 -04:00
CBL-Mariner-Bot
2dd276939a
[AUTO-CHERRYPICK] ceph: Fix high CVE-2024-38517 and CVE-2024-39684 - branch main ( #9858 )
...
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
2024-07-25 18:57:09 -04:00
CBL-Mariner-Bot
d86b17bc05
[AUTO-CHERRYPICK] Patch tpm2-tools for CVE-2024-29038 & CVE-2024-29039. - branch main ( #9825 )
...
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:55 -04:00
CBL-Mariner-Bot
57506f34f3
[AUTO-CHERRYPICK] telegraf: Add patch for CVE-2024-37298 - branch main ( #9823 )
...
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:12 -04:00
CBL-Mariner-Bot
970da2d51e
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.61 to fix CVE-2024-38473 - branch main ( #9819 )
...
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-07-25 15:52:46 -07:00
CBL-Mariner-Bot
35e1eed14f
[AUTO-CHERRYPICK] Patched CVE-2024-37890, CVE-2023-42282, and CVE-2017-18214 in `reaper`. - branch main ( #9807 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-07-25 18:51:17 -04:00
CBL-Mariner-Bot
055ff1c664
[AUTO-CHERRYPICK] libmemcached-awesome: Upgrading version to 1.1.4 to address CVE-2023-27478 - branch main ( #9805 )
...
Co-authored-by: sharath-srikanth-chellappa <115591284+sharath-srikanth-chellappa@users.noreply.github.com>
2024-07-25 18:50:31 -04:00
Sam Meluch
8ecb1756f5
Filter out debuginfo packages when running sodiff ( #6698 )
...
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2024-07-25 12:35:06 -05:00
CBL-Mariner-Bot
5e921ee588
[AUTO-CHERRYPICK] Patch CVE-2024-5535 in openssl - branch main ( #9905 )
2024-07-25 20:34:06 +05:30
chalamalasetty
8fbdbff440
Upgrade kernel-mos version to 5.15.161.1 ( #9923 )
2024-07-24 23:16:03 -07:00
Tobias Brick
297b90e3d0
fix intermittent openssl FIPS selftest failures in jitterentropy ( #9890 )
2024-07-23 12:58:32 -07:00
Muhammad Falak R Wani
e44fb2e860
golang: drop golang-1.17 ( #9877 )
...
None of the packages have a dependency on golang-1.17.
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-23 21:55:21 +05:30
CBL-Mariner-Bot
8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main ( #9867 )
2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot
85ffff0104
[AUTO-CHERRYPICK] cloud-hypervisor-cvm: update to 38.0.72.2 - branch main ( #9806 )
...
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-17 12:13:04 -07:00
Henry Beberman
af186a1119
moby-engine: remove daemon.json with backported fix ( #9551 )
2024-07-16 10:10:53 -07:00
ms-mahuber
a455a7e6b3
kata-cc: Fix make clean call in UVM build ( #9837 )
...
During UVM build, the default OS' clean target is executed - which is Ubuntu.
Change make clean call to clean up the artifacts for the cbl-mariner distro: rm -rf /opt/kata-containers/uvm/tools/osbuilder/.ubuntu_rootfs.done /opt/kata-containers/uvm/tools/osbuilder/ubuntu_rootfs
2024-07-15 17:43:39 -07:00
ms-mahuber
a9004163a1
kata-containers-cc: Adapt tarfs make install trgt ( #9829 )
...
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2024-07-15 13:01:40 -07:00
CBL-Mariner-Bot
77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main ( #9834 )
2024-07-15 10:46:55 -07:00
Archana Choudhary
3e14b7eeed
hvloader: add patch for CVE-2023-0464 ( #9443 )
2024-07-12 15:22:15 +05:30
Pawel Winogrodzki
cd7cf078f1
Patched CVE-2023-26253 in `glusterfs`. (CP: #9717 ) ( #9719 )
2024-07-10 10:55:16 -07:00
Muhammad Falak R Wani
4fa1760cc4
msft-golang: upgrade 1.22.4 -> 1.22.5 to address CVE-2024-24790 & CVE-2024-24791 ( #9579 )
...
Changelog: https://go.dev/doc/devel/release#go1.22.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-09 00:38:46 +05:30
sharath-srikanth-chellappa
5669eeb9ba
emacs: Upgrading emacs version to 29.4 to address CVE-2024-39331 ( #9709 )
...
Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
2024-07-08 10:40:12 -07:00
Dan Streetman
350616f115
Update shim-unsigned-x64 to 15.8 and updates signed shim ( #7893 )
...
Updates the unsigned shim for x64 to 15.8 and includes new signing certificate
Also updates the signed version of this shim
Co-authored-by: Chris Co <chrco@microsoft.com>
2024-07-04 17:17:35 -07:00
Rachel Menge
3595f2a878
Address Kernel CVE-2021-3847, CVE-2024-26913, CVE-2024-26933, CVE-2024-26978, CVE-2024-36477, CVE-2024-36481, CVE-2024-38664, CVE-2024-39291 ( #9571 )
2024-07-04 17:15:48 -07:00
CBL-Mariner-Bot
0ac28edc5d
[AUTO-CHERRYPICK] openssh: fix "regresshion" CVE, CVE-2024-6387, with patch from debian. - branch main ( #9565 )
...
Co-authored-by: SeanDougherty <sdougherty@microsoft.com>
2024-07-03 10:41:01 -07:00
CBL-Mariner-Bot
fd9ff7f98c
[AUTO-CHERRYPICK] Patch openssh to fix CVE-2023-28531 - branch main ( #9519 )
...
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
2024-06-27 14:34:19 -07:00
CBL-Mariner-Bot
623d203905
[AUTO-CHERRYPICK] Fix guava CVE-2023-2976 - branch main ( #9526 )
...
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
2024-06-27 14:34:05 -07:00
CBL-Mariner-Bot
ff8289a113
[AUTO-CHERRYPICK] Patch CVE-2023-52890 in ntfs-3g - branch main ( #9520 )
...
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
2024-06-27 14:31:15 -07:00
Muhammad Falak R Wani
36367cba80
toolkit: bump azidentity 1.3.1 -> 1.6.0 to address CVE-2024-35255 ( #9382 )
...
Fixes: https://github.com/microsoft/azurelinux/security/dependabot/13
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-27 07:43:10 +05:30
CBL-Mariner-Bot
2606e07373
[AUTO-CHERRYPICK] Fix CVE-2024-3727 in cri-o by patching vendored github.com/containers/image - branch main ( #9488 )
...
Co-authored-by: Paco Huelsz <frhuelsz@microsoft.com>
2024-06-26 13:31:42 -07:00
CBL-Mariner-Bot
82e82e134c
[AUTO-CHERRYPICK] wget: patch CVE-2024-38428 - branch main ( #9487 )
...
Co-authored-by: Saul Paredes <30801614+Redent0r@users.noreply.github.com>
2024-06-26 10:40:33 -07:00
CBL-Mariner-Bot
c89dbfa1a2
[AUTO-CHERRYPICK] R: patch CVE-2024-27322 - branch main ( #9486 )
...
Co-authored-by: Saul Paredes <30801614+Redent0r@users.noreply.github.com>
2024-06-26 10:40:27 -07:00