Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[chore] Upgrade github.com/opencontainers/runc to v1.1.12 #30967

Merged
merged 1 commit into from
Feb 1, 2024
Merged

[chore] Upgrade github.com/opencontainers/runc to v1.1.12 #30967

merged 1 commit into from
Feb 1, 2024

Conversation

atoulme
Copy link
Contributor

@atoulme atoulme commented Jan 31, 2024

Description:
Upgrade github.com/opencontainers/runc to v1.1.12

Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

Further notes from dependabot here: #30964

@atoulme atoulme requested a review from djaglowski as a code owner January 31, 2024 23:51
@atoulme atoulme requested a review from a team January 31, 2024 23:51
@mx-psi mx-psi merged commit d4a6f5a into open-telemetry:main Feb 1, 2024
96 checks passed
@github-actions github-actions bot added this to the next release milestone Feb 1, 2024
cparkins pushed a commit to AmadeusITGroup/opentelemetry-collector-contrib that referenced this pull request Feb 1, 2024
@atoulme @cparkins
[chore] Upgrade github.com/opencontainers/runc to v1.1.12 (open-telem…
cbd7b32 
…etry#30967)

**Description:**
Upgrade github.com/opencontainers/runc to v1.1.12

Fix
[CVE-2024-21626](GHSA-xr7r-f8xq-vfvv),
a container breakout attack that took advantage of a file descriptor
that was leaked internally within runc (but never leaked to the
container process).

Further notes from dependabot here:
open-telemetry#30964
@sky333999 sky333999 mentioned this pull request Feb 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryan-aguilar bryan-aguilar bryan-aguilar approved these changes

@songy23 songy23 songy23 approved these changes

@mx-psi mx-psi mx-psi approved these changes

@djaglowski djaglowski Awaiting requested review from djaglowski djaglowski is a code owner

@dmitryax dmitryax Awaiting requested review from dmitryax dmitryax is a code owner

@MovieStoreGuy MovieStoreGuy Awaiting requested review from MovieStoreGuy MovieStoreGuy is a code owner

@Aneurysm9 Aneurysm9 Awaiting requested review from Aneurysm9

Assignees

@fatsheep9146 fatsheep9146

Labels
cmd/configschema configschema command cmd/otelcontribcol otelcontribcol command cmd/oteltestbedcol exporter/datadog Datadog components exporter/splunkhec extension/observer internal/core receiver/aerospike receiver/apache receiver/apachespark receiver/awscontainerinsight receiver/bigip receiver/dockerstats receiver/elasticsearch receiver/filestats receiver/haproxy receiver/hostmetrics receiver/iis receiver/jmx JMX Receiver receiver/memcached receiver/mongodb receiver/mysql receiver/nginx receiver/postgresql receiver/redis Redis related issues receiver/snmp receiver/splunkhec receiver/sqlquery SQL query receiver receiver/vcenter receiver/zookeeper
Projects
None yet
Milestone
v0.94.0
Development

Successfully merging this pull request may close these issues.
5 participants
@atoulme @mx-psi @songy23 @bryan-aguilar @fatsheep9146