diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2025-07-11 17:07:22 +0530 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2025-07-16 14:49:43 -0400 |
| commit | 3e4dba95e6b5f5f68d0b3a5899b106c89da59428 (patch) | |
| tree | 3dfa2c315daa2fb88a33e6dcff31cd4216085826 /recipes-containers/cri-o/cri-o_git.bb | |
| parent | 227cefa1261daf20b7d9737541994ec2bba629fc (diff) | |
| download | meta-virtualization-kirkstone.tar.gz | |
cri-o: fix CVE-2023-6476kirkstone
A flaw was found in CRI-O that involves an experimental annotation leading to a
container being unconfined. This may allow a pod to specify and get any amount
of memory/cpu, circumventing the kubernetes scheduler and potentially resulting
in a denial of service in the node.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-containers/cri-o/cri-o_git.bb')
| -rw-r--r-- | recipes-containers/cri-o/cri-o_git.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb index 429c49a7..1e8353f8 100644 --- a/recipes-containers/cri-o/cri-o_git.bb +++ b/recipes-containers/cri-o/cri-o_git.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "\ | |||
| 20 | file://0001-Makefile-force-symlinks.patch \ | 20 | file://0001-Makefile-force-symlinks.patch \ |
| 21 | file://crio.conf \ | 21 | file://crio.conf \ |
| 22 | file://0001-Use-securejoin.SecureJoin-when-forming-userns-paths.patch;patchdir=src/import/vendor/github.com/containers/storage \ | 22 | file://0001-Use-securejoin.SecureJoin-when-forming-userns-paths.patch;patchdir=src/import/vendor/github.com/containers/storage \ |
| 23 | file://CVE-2023-6476.patch;patchdir=src/import \ | ||
| 23 | " | 24 | " |
| 24 | 25 | ||
| 25 | # Apache-2.0 for docker | 26 | # Apache-2.0 for docker |