From 471585dcd5ff0f684d6cfe4470a226095277ea48 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Fri, 4 Mar 2022 00:51:16 +0200
Subject: [PATCH] [containerd]: upgrade versions to fix CVE-2022-23648 (#8597)
* [containerd] add hashes for 1.6.1
* [contained] make 1.6.1 the default
* [containerd] add hashes for 1.5.10
* [containerd] add hashes for 1.4.13
* [nerdct] bump to 0.17.1
---
 README.md | 2 +-
 roles/download/defaults/main.yml | 24 ++++++++++++++++++------
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 4b708a244..76daea7cb 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,7 @@ Note: Upstart/SysV init based OS types are not supported.
 - [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.4
 - [etcd](https://github.com/etcd-io/etcd) v3.5.1
 - [docker](https://www.docker.com/) v20.10 (see note)
- - [containerd](https://containerd.io/) v1.6.0
+ - [containerd](https://containerd.io/) v1.6.1
 - [cri-o](http://cri-o.io/) v1.22 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
 - [cni-plugins](https://github.com/containernetworking/plugins) v1.0.1
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 821e456cb..d98392164 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -74,7 +74,7 @@ runc_version: v1.1.0
 kata_containers_version: 2.2.3
 youki_version: 0.0.1
 gvisor_version: 20210921
-containerd_version: 1.6.0
+containerd_version: 1.6.1
 # this is relevant when container_manager == 'docker'
 docker_containerd_version: 1.4.12
@@ -112,7 +112,7 @@ kube_ovn_version: "v1.8.1"
 kube_router_version: "v1.4.0"
 multus_version: "v3.8"
 helm_version: "v3.8.0"
-nerdctl_version: "0.17.0"
+nerdctl_version: "0.17.1"
 krew_version: "v0.4.2"
 # Get kubernetes major version (i.e. 1.17.4 => 1.17)
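Review bot: `docker_containerd_version: 1.4.12`, visible as context in the `@@ -74,7 +74,7 @@` hunk of roles/download/defaults/main.yml, is left on the older 1.4 release although this commit adds hashes for 1.4.13. Deployments with `container_manager == 'docker'` therefore keep the previous containerd after applying the CVE-2022-23648 upgrade. If 1.4.13 is the patched 1.4 release, as the commit message suggests, the line should probably read `docker_containerd_version: 1.4.13`, provided the distribution packages offer it. Whether the docker-managed path is actually exposed to the CVE cannot be told from this hunk; if the pin is intentional, a comment saying so next to it would help.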
@@ -668,51 +668,63 @@ gvisor_containerd_shim_binary_checksums:
 nerdctl_archive_checksums:
 arm:
- 0.17.0: 6fc702457e2013cc66b90300b19f860908b6ed124a24c0c5eb2c3ade47d4d9bf
+ 0.17.1: 0fa2da009be79e6d45e34e4c53da194f9c69bb59f3d12c21df80d4ace8461af1
 arm64:
- 0.17.0: cddd33f915c617e7ed32f79bc5a18eb2821cddf4de082e3e47764871abe21f90
+ 0.17.1: 8828b59c95398556d11be4684929fc975c25cb794c31d41d57baf489efb2ad2d
 amd64:
- 0.17.0: 4c08a6ce657ff851dd7a7b1d21c64f1c1950e35de03fa7f1853eab47fa2b2d53
+ 0.17.1: 6d18d3eaa74cd2f8e36e51f551282355d0bb1dd962ecd2d1dfecee161d0bd39a
 ppc64le:
- 0.17.0: b9113bb537861ecd400e12649045c4587c3bd229ac6ccf36af69c79da5563840
+ 0.17.1: e34ba71e37855211bbd7d563a2c89d4686f553d1100e59401d95493614b278a7
 containerd_archive_checksums:
 arm:
 1.4.9: 0
 1.4.11: 0
 1.4.12: 0
+ 1.4.13: 0
 1.5.5: 0
 1.5.7: 0
 1.5.8: 0
 1.5.9: 0
+ 1.5.10: 0
 1.6.0: 0
+ 1.6.1: 0
 arm64:
 1.4.9: 0
 1.4.11: 0
 1.4.12: 0
+ 1.4.13: 0
 1.5.5: 0
 1.5.7: 0
 1.5.8: 0
 1.5.9: 0
+ 1.5.10: 0
 1.6.0: 6eff3e16d44c89e1e8480a9ca078f79bab82af602818455cc162be344f64686a
+ 1.6.1: fbeec71f2d37e0e4ceaaac2bdf081295add940a7a5c7a6bcc125e5bbae067791
 amd64:
 1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b
 1.4.11: 80c47ec5ce2cd91a15204b5f5b534892ca653e75f3fba0c451ca326bca45fb00
 1.4.12: 26bb35ee8a2467029ca450352112ba3a0d2b8bf6b70bf040f62d91f3c501736c
+ 1.4.13: bc8b3e6abe99143788de5afaaf896cb7f229733f1ebd980eec48e71cc21c0a6a
 1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1
 1.5.7: 109fc95b86382065ea668005c376360ddcd8c4ec413e7abe220ae9f461e0e173
 1.5.8: feeda3f563edf0294e33b6c4b89bd7dbe0ee182ca61a2f9b8c3de2766bcbc99b
 1.5.9: a457793a1643657588baf46d3ffbf44fae0139b65076064e237ddf29cd838ba4
+ 1.5.10: 44f809e02233a510bb9d136906849e9ed058aa1d3d714244376001ab77464db7
 1.6.0: f77725e4f757523bf1472ec3b9e02b09303a5d99529173be0f11a6d39f5676e9
+ 1.6.1: c1df0a12af2be019ca2d6c157f94e8ce7430484ab29948c9805882df40ec458b
 ppc64le:
 1.4.9: 0
 1.4.11: 0
 1.4.12: 0
+ 1.4.13: 0
 1.5.5: 0
 1.5.7: 0
 1.5.8: 0
 1.5.9: 0
+ 1.5.10: 0
 1.6.0: 0
+ 1.6.1: 0
 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}"
 flannel_cni_binary_checksum: "{{ flannel_cni_binary_checksums[image_arch][flannel_cni_version] }}"
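Review bot: The `0` entries added under `containerd_archive_checksums` for 1.4.13, 1.5.10 and 1.6.1 are placeholders rather than digests, and nothing in the hunk says how the download role treats them. The new default 1.6.1 has a real digest only under `amd64` and `arm64`, and 1.4.13 and 1.5.10 only under `amd64`, so on the other architectures the CVE fix is not backed by a verifiable archive. If `0` means that no upstream archive exists for that architecture, a comment above the map would make the contract explicit, for example `# 0 = no archive published for this arch; the download must fail, never skip verification`. The placeholders are also integers while the digests are strings, so writing them as `'0'` would keep the looked-up value's type uniform; this is hedged because the consuming task lies outside the hunk.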