[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3

[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3

[Peter Korsgaard]

Fixes the following security issue:

- CVE-2020-15257: Access controls for the shim?s API socket verified that
  the connecting process had an effective UID of 0, but did not otherwise
  restrict access to the abstract Unix domain socket.  This would allow
  malicious containers running in the same network namespace as the shim,
  with an effective UID of 0 but otherwise reduced privileges, to cause new
  processes to be run with elevated privileges.

For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-containerd/docker-containerd.hash | 2 +-
 package/docker-containerd/docker-containerd.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash
index 2ec3d042ba..c5cfc137b8 100644
--- a/package/docker-containerd/docker-containerd.hash
+++ b/package/docker-containerd/docker-containerd.hash
@@ -1,3 +1,3 @@
 # Computed locally
-sha256	d410b8efc94e4124990f01de7107223971be8c9258fc651decf9e0ba648485b5  docker-containerd-1.4.1.tar.gz
+sha256	bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018  docker-containerd-1.4.3.tar.gz
 sha256	4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE
diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
index 71f9b4c065..d9a0eb28a6 100644
--- a/package/docker-containerd/docker-containerd.mk
+++ b/package/docker-containerd/docker-containerd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = 1.4.1
+DOCKER_CONTAINERD_VERSION = 1.4.3
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
-- 
2.20.1

[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2020-15257: Access controls for the shim?s API socket verified that
 >   the connecting process had an effective UID of 0, but did not otherwise
 >   restrict access to the abstract Unix domain socket.  This would allow
 >   malicious containers running in the same network namespace as the shim,
 >   with an effective UID of 0 but otherwise reduced privileges, to cause new
 >   processes to be run with elevated privileges.

 > For more details, see the advisory:
 > https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2020-15257: Access controls for the shim?s API socket verified that
 >   the connecting process had an effective UID of 0, but did not otherwise
 >   restrict access to the abstract Unix domain socket.  This would allow
 >   malicious containers running in the same network namespace as the shim,
 >   with an effective UID of 0 but otherwise reduced privileges, to cause new
 >   processes to be run with elevated privileges.

 > For more details, see the advisory:
 > https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2020.02.x and 2020.08.x, thanks.

-- 
Bye, Peter Korsgaard