From 34fec09ff1f9da7157b8f7d8ad5c918bfc8ea577 Mon Sep 17 00:00:00 2001 From: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Date: Mon, 4 Apr 2022 15:30:11 +0300 Subject: [PATCH] [containerd] upgrade versions to address CVE-2022-24769 (#8671) * [containerd] add hashes for 1.5.11 * [containerd] add hashes for 1.6.2 * [containerd] make 1.6.2 the new default --- README.md | 2 +- roles/download/defaults/main.yml | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c5c26b1bd..35ebc248b 100644 --- a/README.md +++ b/README.md @@ -134,7 +134,7 @@ Note: Upstart/SysV init based OS types are not supported. - [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.5 - [etcd](https://github.com/etcd-io/etcd) v3.5.1 - [docker](https://www.docker.com/) v20.10 (see note) - - [containerd](https://containerd.io/) v1.6.1 + - [containerd](https://containerd.io/) v1.6.2 - [cri-o](http://cri-o.io/) v1.22 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS) - Network Plugin - [cni-plugins](https://github.com/containernetworking/plugins) v1.0.1 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index b1484fd5f..99d097730 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -74,7 +74,7 @@ runc_version: v1.1.1 kata_containers_version: 2.2.3 youki_version: 0.0.1 gvisor_version: 20210921 -containerd_version: 1.6.1 +containerd_version: 1.6.2 cri_dockerd_version: v0.2.0 # this is relevant when container_manager == 'docker' @@ -743,8 +743,10 @@ containerd_archive_checksums: 1.5.8: 0 1.5.9: 0 1.5.10: 0 + 1.5.11: 0 1.6.0: 0 1.6.1: 0 + 1.6.2: 0 arm64: 1.4.9: 0 1.4.11: 0 @@ -755,8 +757,10 @@ containerd_archive_checksums: 1.5.8: 0 1.5.9: 0 1.5.10: 0 + 1.5.11: 0 1.6.0: 6eff3e16d44c89e1e8480a9ca078f79bab82af602818455cc162be344f64686a 1.6.1: fbeec71f2d37e0e4ceaaac2bdf081295add940a7a5c7a6bcc125e5bbae067791 + 1.6.2: a4b24b3c38a67852daa80f03ec2bc94e31a0f4393477cd7dc1c1a7c2d3eb2a95 amd64: 1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b 1.4.11: 80c47ec5ce2cd91a15204b5f5b534892ca653e75f3fba0c451ca326bca45fb00 @@ -767,8 +771,10 @@ containerd_archive_checksums: 1.5.8: feeda3f563edf0294e33b6c4b89bd7dbe0ee182ca61a2f9b8c3de2766bcbc99b 1.5.9: a457793a1643657588baf46d3ffbf44fae0139b65076064e237ddf29cd838ba4 1.5.10: 44f809e02233a510bb9d136906849e9ed058aa1d3d714244376001ab77464db7 + 1.5.11: f2a2476ca44a24067488cd6d0b064b2128e01f6f53e5f29c5acfaf1520927ee2 1.6.0: f77725e4f757523bf1472ec3b9e02b09303a5d99529173be0f11a6d39f5676e9 1.6.1: c1df0a12af2be019ca2d6c157f94e8ce7430484ab29948c9805882df40ec458b + 1.6.2: 3d94f887de5f284b0d6ee61fa17ba413a7d60b4bb27d756a402b713a53685c6a ppc64le: 1.4.9: 0 1.4.11: 0 @@ -779,8 +785,10 @@ containerd_archive_checksums: 1.5.8: 0 1.5.9: 0 1.5.10: 0 + 1.5.11: 0 1.6.0: 0 1.6.1: 0 + 1.6.2: 0 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}" flannel_cni_binary_checksum: "{{ flannel_cni_binary_checksums[image_arch][flannel_cni_version] }}"