[Buildroot] [PATCH 2/2] package/docker-engine: security bump to version 20.10.9
Christian Stewart
christian at paral.in
Mon Oct 18 04:29:11 UTC 2021
Reviewed-by: Christian Stewart <christian at paral.in>
On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter at korsgaard.com> wrote:
>
> Fixes the following security issues:
>
> - CVE-2021-41089: Create parent directories inside a chroot during docker
> cp to prevent a specially crafted container from changing permissions of
> existing files in the host’s filesystem.
>
> - CVE-2021-41091: Lock down file permissions to prevent unprivileged users
> from discovering and executing programs in /var/lib/docker.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/docker-engine/docker-engine.hash | 2 +-
> package/docker-engine/docker-engine.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
> index 07acb87864..5e15842859 100644
> --- a/package/docker-engine/docker-engine.hash
> +++ b/package/docker-engine/docker-engine.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 2505d00032f5d40ead5ac779c2840303dcead04713c93ba974be4c19b3ab8d0a docker-engine-20.10.8.tar.gz
> +sha256 359e8854d0d51bc884d434f182f64ca62f25fbbe7b9c6a336eb09f212fe8cc9a docker-engine-20.10.9.tar.gz
> sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE
Thanks,
Christian
More information about the buildroot
mailing list