Security fixes for container packages #3612

@vyaghras vyaghras commented Nov 25, 2023

Issue number:

Closes #

Description of changes:

packages: update kubernetes-1.28 to 1.28.4
packages: update kubernetes-1.27 to 1.27.8
packages: update kubernetes-1.26 to 1.26.11
packages: update kubernetes-1.25 to 1.25.16
packages: update runc to 1.1.10
packages: update nvidia-k8s-device-plugin to 0.14.3
packages: update ecs-agent to 1.79.1
packages: update containerd to 1.6.25
packages: update amazon-ssm-agent to 3.2.1798.0

The update for nvidia-kubernetes-device-plugin mitigates: CVE-2023-3978, CVE-2023-44487, CVE-2023-39325, GHSA-m425-mq94-257g.

The update for ecs-agent mitigates: GHSA-m425-mq94-257g, CVE-2023-3978, CVE-2023-44487, CVE-2023-39325.
The update for containerd mitigates: CVE-2023-3978, CVE-2023-44487, CVE-2023-39325.
The update for amazon-ssm-agent mitigates: CVE-2023-3978, CVE-2023-44487, CVE-2023-39325.

Testing done:

  • aws-k8s-1.27 x86_64
NAME                                       TYPE              STATE                     PASSED          FAILED         SKIPPED   BUILD ID         LAST UPDATE
 x86-64-aws-k8s-127-quick                   Test              passed                         5               0            7206   92cbb22f         2023-12-05T16:29:37Z
 x86-64-aws-k8s-127                         Resource          completed                                                          92cbb22f         2023-12-05T16:27:25Z
 x86-64-aws-k8s-127-instances-mlhv          Resource          completed                                                          92cbb22f         2023-12-05T16:27:34Z
  • aws-k8s-1.24 aarch64
NAME                                TYPE               STATE                       PASSED           FAILED          SKIPPED   BUILD ID          LAST UPDATE
 aarch64-aws-k8s-124-quick           Test               passed                           1                0             6972   92cbb22f          2023-12-05T17:30:53Z
 aarch64-aws-k8s-124                 Resource           completed                                                              92cbb22f          2023-12-05T17:28:54Z
  • aws-k8s-1.27-nvidia x86_64
x86-64-aws-k8s-127-nvidia-quick                  Test             passed                       5              0            7206   5b28082c         2023-12-05T23:34:43Z
 x86-64-aws-k8s-127-nvidia                        Resource         completed                                                       5b28082c         2023-12-05T23:32:08Z
 x86-64-aws-k8s-127-nvidia-instances-wumo         Resource         completed                                                       5b28082c         2023-12-05T23:32:16Z
  • aws-k8s-1.27-nvidia aarch64
aarch64-aws-k8s-127-nvidia-quick                  Test             passed                       5              0            7206   5b28082c         2023-12-05T23:59:01Z
 aarch64-aws-k8s-127-nvidia                        Resource         completed                                                       5b28082c         2023-12-05T23:56:57Z
 aarch64-aws-k8s-127-nvidia-instances-yjle         Resource         running                                                         5b28082c         2023-12-05T23:59:11Z
  • aws-ecs-1
 NAME                                     TYPE              STATE                     PASSED          FAILED          SKIPPED   BUILD ID          LAST UPDATE
 x86-64-aws-ecs-1-quick                   Test              passed                         1               0                0   92cbb22f          2023-12-05T17:47:28Z
 x86-64-aws-ecs-1                         Resource          completed                                                           92cbb22f          2023-12-05T17:46:56Z
  • aws-ecs-1-nvidia
 x86-64-aws-ecs-1-nvidia-quick                     Test             passed                       1              0               0   5b28082c         2023-12-05T23:45:58Z
 x86-64-aws-ecs-1-nvidia                           Resource         completed                                                       5b28082c         2023-12-05T23:45:10Z
 x86-64-aws-ecs-1-nvidia-instances-sdgu            Resource         running                                                         5b28082c         2023-12-05T23:46:07Z
  • aws-ecs-2
NAME                                     TYPE              STATE                     PASSED          FAILED          SKIPPED   BUILD ID          LAST UPDATE
 x86-64-aws-ecs-2-quick                   Test              passed                         1               0                0   92cbb22f          2023-12-05T17:58:14Z
 x86-64-aws-ecs-2                         Resource          completed                                                           92cbb22f          2023-12-05T17:57:36Z
  • aws-ecs-2-nvidia
x86-64-aws-ecs-2-nvidia-quick                     Test             passed                       1              0               0   5b28082c         2023-12-05T23:47:59Z
 x86-64-aws-ecs-2-nvidia                           Resource         completed                                                       5b28082c         2023-12-05T23:47:07Z
 x86-64-aws-ecs-2-nvidia-instances-zjhi            Resource         completed                                                       5b28082c         2023-12-05T23:47:19Z
  • Runc test

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@vyaghras vyaghras force-pushed the Security_fixes_for_container_packages branch from 07b451b to 9365c8e November 28, 2023 18:02
@bcressey bcressey left a comment

LGTM assuming testing checks out.

@yeazelm yeazelm left a comment

LGTM!

@vyaghras vyaghras merged commit a9a9030 into bottlerocket-os:develop Dec 6, 2023
46 checks passed
@vyaghras vyaghras deleted the Security_fixes_for_container_packages branch December 6, 2023 00:31