NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/docker-engine: security bump to version 20.10.9

Browse Source 
Fixes the following security issues:

- CVE-2021-41089:  Create parent directories inside a chroot during docker
  cp to prevent a specially crafted container from changing permissions of
  existing files in the host’s filesystem.

- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
  from discovering and executing programs in /var/lib/docker.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Peter Korsgaard 2021-10-15 14:59:43 +02:00 committed by Thomas Petazzoni
parent d53c702419
commit ce45136df0
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/docker-engine/docker-engine.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 2505d00032f5d40ead5ac779c2840303dcead04713c93ba974be4c19b3ab8d0a docker-engine-20.10.8.tar.gz
sha256 359e8854d0d51bc884d434f182f64ca62f25fbbe7b9c6a336eb09f212fe8cc9a docker-engine-20.10.9.tar.gz
sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE

2
package/docker-engine/docker-engine.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_ENGINE_VERSION = 20.10.8
DOCKER_ENGINE_VERSION = 20.10.9
DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0