New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linuxkit should be bumped to version 1.3.0+ to resolve CVE-2024-23652 and CVE-2024-23653 #636

Closed

zepeng811 opened this issue Jul 26, 2024 · 0 comments · Fixed by #640

zepeng811 commented Jul 26, 2024

Hi Team,

we previously raised an issue to the linuxkit repo to upgrade moby/buildkit to resolve CVE-2024-23652 and CVE-2024-23653: linuxkit/linuxkit#4042

linuxkit have upgraded their version and released it in v1.3.0: https://github.com/linuxkit/linuxkit/releases/tag/v1.3.0

can we bump the version for linuxkit to v1.3.0 (and maybe the latest version v1.4.0) to patch the CVEs

The text was updated successfully, but these errors were encountered:

foersleo mentioned this issue

blobs: Update linuxkit to version 1.5.0 #640

Merged

foersleo closed this as completed in #640

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment