* [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6
@ 2017-01-22 21:39 Peter Korsgaard
2017-01-22 21:39 ` [Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962 Peter Korsgaard
2017-01-23 8:09 ` [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Thomas Petazzoni
0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-01-22 21:39 UTC (permalink / raw)
To: buildroot
Fixes runC privilege escalation (CVE-2016-9962).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/docker-engine/docker-engine.hash | 2 +-
package/docker-engine/docker-engine.mk | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 6697d8a30..5e09453e4 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,2 +1,2 @@
# Locally calculated
-sha256 81b337368efafb631a75f6ad5469413fd5828ce672592c374adf894dc05abd38 docker-engine-v1.12.5.tar.gz
+sha256 0413f3513c2a6842ed9cf837154c8a722e9b34cb36b33430348489baa183707e docker-engine-v1.12.6.tar.gz
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index 2cd71dd89..d575662dd 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,8 +4,8 @@
#
################################################################################
-DOCKER_ENGINE_VERSION = v1.12.5
-DOCKER_ENGINE_COMMIT = 7392c3b0ce0f9d3e918a321c66668c5d1ef4f689
+DOCKER_ENGINE_VERSION = v1.12.6
+DOCKER_ENGINE_COMMIT = 78d18021ecba00c00730dec9d56de6896f9e708d
DOCKER_ENGINE_SITE = $(call github,docker,docker,$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962
2017-01-22 21:39 [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Peter Korsgaard
@ 2017-01-22 21:39 ` Peter Korsgaard
2017-01-23 8:09 ` [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-01-22 21:39 UTC (permalink / raw)
To: buildroot
RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/runc/runc.hash | 2 +-
package/runc/runc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index 5b5400eee..0b6a24ffc 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,2 +1,2 @@
# Locally computed
-sha256 638742c48426b9a3281aeb619e27513d972de228bdbd43b478baea99c186d491 runc-v1.0.0-rc2.tar.gz
+sha256 374822cc2895ed3899b7a3a03b566413ea782fccec1307231f27894e9c6d5bea runc-50a19c6ff828c58e5dab13830bd3dacde268afe5.tar.gz
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index 661872c96..95afcaaff 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RUNC_VERSION = v1.0.0-rc2
+RUNC_VERSION = 50a19c6ff828c58e5dab13830bd3dacde268afe5
RUNC_SITE = $(call github,opencontainers,runc,$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0
RUNC_LICENSE_FILES = LICENSE
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6
2017-01-22 21:39 [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Peter Korsgaard
2017-01-22 21:39 ` [Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962 Peter Korsgaard
@ 2017-01-23 8:09 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2017-01-23 8:09 UTC (permalink / raw)
To: buildroot
Hello,
On Sun, 22 Jan 2017 22:39:55 +0100, Peter Korsgaard wrote:
> Fixes runC privilege escalation (CVE-2016-9962).
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/docker-engine/docker-engine.hash | 2 +-
> package/docker-engine/docker-engine.mk | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
Both applied to master, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-01-23 8:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-22 21:39 [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Peter Korsgaard
2017-01-22 21:39 ` [Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962 Peter Korsgaard
2017-01-23 8:09 ` [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox