* [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7
@ 2026-02-25 9:48 Thomas Perale via buildroot
2026-02-25 9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-25 9:48 UTC (permalink / raw)
To: buildroot; +Cc: Christian Stewart
For more information on the version bump, see:
- https://github.com/containerd/containerd/releases/tag/v2.0.7
- https://github.com/containerd/containerd/releases/tag/v2.0.6
- https://github.com/containerd/containerd/releases/tag/v2.0.5
- https://github.com/containerd/containerd/releases/tag/v2.0.4
- https://github.com/containerd/containerd/releases/tag/v2.0.3
Fixes the following vulnerabilities:
- CVE-2024-25621:
Versions 2.0.0-beta.0 through 2.0.6 have an overly broad default
permission vulnerability. Directory paths `/var/lib/containerd`,
`/run/containerd/io.containerd.grpc.v1.cri` and
`/run/containerd/io.containerd.sandbox.controller.v1.shim` were all
created with incorrect permissions.
https://www.cve.org/CVERecord?id=CVE-2024-25621
- CVE-2024-40635:
A bug was found in containerd prior to versions 2.0.4 where
containers launched with a User set as a `UID:GID` larger than the
maximum 32-bit signed integer can cause an overflow condition where
the container ultimately runs as root (UID 0). This could cause
unexpected behavior for environments that require containers to run
as a non-root user.
https://www.cve.org/CVERecord?id=CVE-2024-40635
- CVE-2025-47291:
A bug was found in the containerd's CRI implementation where
containerd, starting in version 2.0.1 and prior to version 2.0.5,
doesn't put usernamespaced containers under the Kubernetes' cgroup
hierarchy, therefore some Kubernetes limits are not honored. This
may cause a denial of service of the Kubernetes node.
https://www.cve.org/CVERecord?id=CVE-2025-47291
- CVE-2025-64329:
Versions 2.0.0-beta.0 through 2.0.6 contain a bug in the CRI Attach
implementation where a user can exhaust memory on the host due to
goroutine leaks.
https://www.cve.org/CVERecord?id=CVE-2025-64329
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/containerd/containerd.hash | 2 +-
package/containerd/containerd.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/containerd/containerd.hash b/package/containerd/containerd.hash
index 4ec78897d9..0916c603bb 100644
--- a/package/containerd/containerd.hash
+++ b/package/containerd/containerd.hash
@@ -1,3 +1,3 @@
# Computed locally
-sha256 472747a7a6b360a0864bab0ee00a8a6f51da5795171e6a60ab17aa80cbd850a2 containerd-2.0.2-go2.tar.gz
+sha256 2bbf9fedcf4ab31736fcb3ce224ef22610a87da9d53bbd8f6d205710fd849831 containerd-2.0.7-go2.tar.gz
sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
diff --git a/package/containerd/containerd.mk b/package/containerd/containerd.mk
index 2ef70ab5d7..a334f0fdac 100644
--- a/package/containerd/containerd.mk
+++ b/package/containerd/containerd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CONTAINERD_VERSION = 2.0.2
+CONTAINERD_VERSION = 2.0.7
CONTAINERD_SITE = $(call github,containerd,containerd,v$(CONTAINERD_VERSION))
CONTAINERD_LICENSE = Apache-2.0
CONTAINERD_LICENSE_FILES = LICENSE
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13
2026-02-25 9:48 [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Thomas Perale via buildroot
@ 2026-02-25 9:48 ` Thomas Perale via buildroot
2026-02-25 9:57 ` Thomas Perale via buildroot
2026-02-25 21:10 ` [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
2 siblings, 1 reply; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-25 9:48 UTC (permalink / raw)
To: buildroot; +Cc: Christian Stewart
For more information on the version bump, see:
- https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html
- https://www.wireshark.org/docs/relnotes/wireshark-4.4.12.html
- https://www.wireshark.org/docs/relnotes/wireshark-4.4.11.html
- https://www.wireshark.org/docs/relnotes/wireshark-4.4.10.html
Fixes the following vulnerabilities:
- CVE-2025-11626:
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to
4.2.13 allows denial of service
https://www.cve.org/CVERecord?id=CVE-2025-11626
- CVE-2025-13499:
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows
denial of service
https://www.cve.org/CVERecord?id=CVE-2025-13499
- CVE-2025-13946:
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0
to 4.4.11 allows denial of service
https://www.cve.org/CVERecord?id=CVE-2025-13946
- CVE-2026-0959:
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
4.4.0 to 4.4.12 allows denial of service
https://www.cve.org/CVERecord?id=CVE-2026-0959
- CVE-2026-0960:
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2
allows denial of service
https://www.cve.org/CVERecord?id=CVE-2026-0960
- CVE-2026-0961:
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12
allows denial of service
https://www.cve.org/CVERecord?id=CVE-2026-0961
- CVE-2026-0962:
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
4.4.0 to 4.4.12 allows denial of service
https://www.cve.org/CVERecord?id=CVE-2026-0962
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/wireshark/wireshark.hash | 6 +++---
package/wireshark/wireshark.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
index 88eb7ef494..87d5781eed 100644
--- a/package/wireshark/wireshark.hash
+++ b/package/wireshark/wireshark.hash
@@ -1,6 +1,6 @@
-# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.9.txt
-sha1 dc91c68b03b389645fa6dade92960863d74bca1d wireshark-4.4.9.tar.xz
-sha256 60551dc787f41e87aeaa1e9c33304f9008037e3baf9fa11aef9c2d584cc0b54b wireshark-4.4.9.tar.xz
+# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.13.txt
+sha1 2e85bc1231775283d3e1593ce700566e0dc4efb9 wireshark-4.4.13.tar.xz
+sha256 cdaaf455954b45990651ba334ddcc691ee446fcfb332e78d27b0a8451f22dc0f wireshark-4.4.13.tar.xz
# Locally calculated
sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYING
diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
index 9ccd8f9a9e..196ac63271 100644
--- a/package/wireshark/wireshark.mk
+++ b/package/wireshark/wireshark.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WIRESHARK_VERSION = 4.4.9
+WIRESHARK_VERSION = 4.4.13
WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
WIRESHARK_LICENSE = wireshark license
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13
2026-02-25 9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
@ 2026-02-25 9:57 ` Thomas Perale via buildroot
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-25 9:57 UTC (permalink / raw)
To: Thomas Perale; +Cc: buildroot, Christian Stewart
The wireshark bump is a resend by mistake nothing has changed from the previous
iteration. It has been removed from patchwork.
In reply of:
> For more information on the version bump, see:
> - https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html
> - https://www.wireshark.org/docs/relnotes/wireshark-4.4.12.html
> - https://www.wireshark.org/docs/relnotes/wireshark-4.4.11.html
> - https://www.wireshark.org/docs/relnotes/wireshark-4.4.10.html
>
> Fixes the following vulnerabilities:
>
> - CVE-2025-11626:
> MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to
> 4.2.13 allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2025-11626
>
> - CVE-2025-13499:
> Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows
> denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2025-13499
>
> - CVE-2025-13946:
> MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0
> to 4.4.11 allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2025-13946
>
> - CVE-2026-0959:
> IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
> 4.4.0 to 4.4.12 allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2026-0959
>
> - CVE-2026-0960:
> HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2
> allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2026-0960
>
> - CVE-2026-0961:
> BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12
> allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2026-0961
>
> - CVE-2026-0962:
> SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
> 4.4.0 to 4.4.12 allows denial of service
>
> https://www.cve.org/CVERecord?id=CVE-2026-0962
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> ---
> package/wireshark/wireshark.hash | 6 +++---
> package/wireshark/wireshark.mk | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
> index 88eb7ef494..87d5781eed 100644
> --- a/package/wireshark/wireshark.hash
> +++ b/package/wireshark/wireshark.hash
> @@ -1,6 +1,6 @@
> -# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.9.txt
> -sha1 dc91c68b03b389645fa6dade92960863d74bca1d wireshark-4.4.9.tar.xz
> -sha256 60551dc787f41e87aeaa1e9c33304f9008037e3baf9fa11aef9c2d584cc0b54b wireshark-4.4.9.tar.xz
> +# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.13.txt
> +sha1 2e85bc1231775283d3e1593ce700566e0dc4efb9 wireshark-4.4.13.tar.xz
> +sha256 cdaaf455954b45990651ba334ddcc691ee446fcfb332e78d27b0a8451f22dc0f wireshark-4.4.13.tar.xz
>
> # Locally calculated
> sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYING
> diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
> index 9ccd8f9a9e..196ac63271 100644
> --- a/package/wireshark/wireshark.mk
> +++ b/package/wireshark/wireshark.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WIRESHARK_VERSION = 4.4.9
> +WIRESHARK_VERSION = 4.4.13
> WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
> WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
> WIRESHARK_LICENSE = wireshark license
> --
> 2.53.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7
2026-02-25 9:48 [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Thomas Perale via buildroot
2026-02-25 9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
@ 2026-02-25 21:10 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
2 siblings, 0 replies; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-02-25 21:10 UTC (permalink / raw)
To: Thomas Perale; +Cc: buildroot, Christian Stewart
On 25/02/2026 10:48, Thomas Perale via buildroot wrote:
> For more information on the version bump, see:
> - https://github.com/containerd/containerd/releases/tag/v2.0.7
> - https://github.com/containerd/containerd/releases/tag/v2.0.6
> - https://github.com/containerd/containerd/releases/tag/v2.0.5
> - https://github.com/containerd/containerd/releases/tag/v2.0.4
> - https://github.com/containerd/containerd/releases/tag/v2.0.3
[...]
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7
2026-02-25 9:48 [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Thomas Perale via buildroot
2026-02-25 9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
2026-02-25 21:10 ` [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Julien Olivain via buildroot
@ 2026-03-06 19:53 ` Thomas Perale via buildroot
2 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC (permalink / raw)
To: Thomas Perale; +Cc: buildroot
In reply of:
> For more information on the version bump, see:
> - https://github.com/containerd/containerd/releases/tag/v2.0.7
> - https://github.com/containerd/containerd/releases/tag/v2.0.6
> - https://github.com/containerd/containerd/releases/tag/v2.0.5
> - https://github.com/containerd/containerd/releases/tag/v2.0.4
> - https://github.com/containerd/containerd/releases/tag/v2.0.3
>
> Fixes the following vulnerabilities:
>
> - CVE-2024-25621:
> Versions 2.0.0-beta.0 through 2.0.6 have an overly broad default
> permission vulnerability. Directory paths `/var/lib/containerd`,
> `/run/containerd/io.containerd.grpc.v1.cri` and
> `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all
> created with incorrect permissions.
>
> https://www.cve.org/CVERecord?id=CVE-2024-25621
>
> - CVE-2024-40635:
> A bug was found in containerd prior to versions 2.0.4 where
> containers launched with a User set as a `UID:GID` larger than the
> maximum 32-bit signed integer can cause an overflow condition where
> the container ultimately runs as root (UID 0). This could cause
> unexpected behavior for environments that require containers to run
> as a non-root user.
>
> https://www.cve.org/CVERecord?id=CVE-2024-40635
>
> - CVE-2025-47291:
> A bug was found in the containerd's CRI implementation where
> containerd, starting in version 2.0.1 and prior to version 2.0.5,
> doesn't put usernamespaced containers under the Kubernetes' cgroup
> hierarchy, therefore some Kubernetes limits are not honored. This
> may cause a denial of service of the Kubernetes node.
>
> https://www.cve.org/CVERecord?id=CVE-2025-47291
>
> - CVE-2025-64329:
> Versions 2.0.0-beta.0 through 2.0.6 contain a bug in the CRI Attach
> implementation where a user can exhaust memory on the host due to
> goroutine leaks.
>
> https://www.cve.org/CVERecord?id=CVE-2025-64329
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks
> ---
> package/containerd/containerd.hash | 2 +-
> package/containerd/containerd.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/containerd/containerd.hash b/package/containerd/containerd.hash
> index 4ec78897d9..0916c603bb 100644
> --- a/package/containerd/containerd.hash
> +++ b/package/containerd/containerd.hash
> @@ -1,3 +1,3 @@
> # Computed locally
> -sha256 472747a7a6b360a0864bab0ee00a8a6f51da5795171e6a60ab17aa80cbd850a2 containerd-2.0.2-go2.tar.gz
> +sha256 2bbf9fedcf4ab31736fcb3ce224ef22610a87da9d53bbd8f6d205710fd849831 containerd-2.0.7-go2.tar.gz
> sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
> diff --git a/package/containerd/containerd.mk b/package/containerd/containerd.mk
> index 2ef70ab5d7..a334f0fdac 100644
> --- a/package/containerd/containerd.mk
> +++ b/package/containerd/containerd.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -CONTAINERD_VERSION = 2.0.2
> +CONTAINERD_VERSION = 2.0.7
> CONTAINERD_SITE = $(call github,containerd,containerd,v$(CONTAINERD_VERSION))
> CONTAINERD_LICENSE = Apache-2.0
> CONTAINERD_LICENSE_FILES = LICENSE
> --
> 2.53.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-03-06 19:53 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-25 9:48 [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Thomas Perale via buildroot
2026-02-25 9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
2026-02-25 9:57 ` Thomas Perale via buildroot
2026-02-25 21:10 ` [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox