Closed pnpavlov closed 2 days ago
6.1.95 conflicts with intel fpga drivers.
I started the update-dfl.sh script locally
Previous step is done; now running the prepare-source script to check patch compatibility, or whether I need to fix patches.
I've checked the rootfs and see that we have to update the Golang packages as well, since we're affected. Also, we still have docker present, which needs to be updated too. Hence, we need to upgrade Golang for 1312 as well.
bin/containerd (gobinary)
Total: 8 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 1, CRITICAL: 1)
| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
|---------|----------------|----------|--------|-------------------|-----------------|-------|
| stdlib | CVE-2024-24790 | CRITICAL | fixed | 1.21.5 | 1.21.11, 1.22.4 | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (https://avd.aquasec.com/nvd/cve-2024-24790) |
| stdlib | CVE-2023-45288 | HIGH | fixed | 1.21.5 | 1.21.9, 1.22.2 | golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (https://avd.aquasec.com/nvd/cve-2023-45288) |
We need to set up a new set of credentials for the remaining weeks until 1312 reaches EOL.
Re-triggered build pipeline for 1312.6 https://github.com/gardenlinux/gardenlinux/actions/runs/9738980245
Since we disabled IMDSv1, we needed to adapt some tests, and port them to rel-1312.
This re-run includes changes to the tests, so that they should now work with IMDSv2 on AWS. On other cloud platforms, only the metadata service is checked for availability.
Relevant changes:
newer version #2189
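The IMDSv2 flow that the adapted tests target, as an added example (not gardenlinux test code): a client obtains a session token with a PUT and then reads metadata with that token, exercised against a constructed in-process stand-in that refuses token-less (IMDSv1-style) requests the way a hardened instance does. The header names and paths are the documented AWS IMDSv2 interface; the fake server, its token value and the instance-id it returns are constructed for this illustration.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

TOKEN_HDR = "X-aws-ec2-metadata-token"            # documented IMDSv2 headers
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"

class FakeIMDSv2(BaseHTTPRequestHandler):
    """Constructed stand-in for an IMDSv2-only endpoint (not real AWS)."""
    TOKEN = "constructed-session-token"

    def do_PUT(self):
        # IMDSv2: a session token is obtained with a PUT that carries the TTL header.
        ok = self.path == "/latest/api/token" and TTL_HDR in self.headers
        self._reply(200 if ok else 400, self.TOKEN if ok else "bad token request")

    def do_GET(self):
        # Token-less (IMDSv1-style) requests are refused, as on a hardened instance.
        if self.headers.get(TOKEN_HDR) != self.TOKEN:
            return self._reply(401, "token required")
        known = self.path == "/latest/meta-data/instance-id"
        self._reply(200 if known else 404, "i-0constructed" if known else "not found")

    def _reply(self, code, body):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())

def start_fake_imds():
    srv = HTTPServer(("127.0.0.1", 0), FakeIMDSv2)  # port 0: any free loopback port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}"

def imds_v2_get(base, path, ttl=21600):
    """IMDSv2 flow: PUT for a session token, then GET the path with that token."""
    req = Request(f"{base}/latest/api/token", method="PUT", headers={TTL_HDR: str(ttl)})
    with urlopen(req, timeout=2) as r:
        token = r.read().decode()
    with urlopen(Request(f"{base}{path}", headers={TOKEN_HDR: token}), timeout=2) as r:
        return r.status, r.read().decode()

def imds_v1_status(base, path):
    """Plain GET without a token (the IMDSv1 pattern); returns the HTTP status."""
    try:
        with urlopen(f"{base}{path}", timeout=2) as r:
            return r.status
    except HTTPError as e:
        return e.code
```

Against a real instance the base URL would be http://169.254.169.254; a test that only checks metadata-service availability on other platforms would keep the token-less GET and accept any HTTP response.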
We will publish patch 7 directly and skip 6.
Summary
Release a new 1312 patch release that addresses the latest high- and critical-severity security findings. The patch should include the latest published kernel patch. The number should be included in the release note, together with a summary of the vulnerabilities addressed.
Tasks: