Severe Vulnerabilities in Moby BuildKit and OCI runc: CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 #7215
Assignees
Comments
|
Checking... |
|
Is there any news? @yophilav @TerryWarwick |
|
The patched runc is available on packages.microsoft.com:
|
|
Hi @Prov-Matthias, I am a PM on the EFLOW team. Apologies for not seeing your GitHub request in that repo, the patched runc is included in the latest EFLOW release from early February. |
|
Thanks for the update @SummerSmith @veyalla |
|
[like] Matthias Braun | Provectus reacted to your message:
…________________________________
From: Summer Smith ***@***.***>
Sent: Thursday, February 29, 2024 4:16:52 AM
To: Azure/iotedge ***@***.***>
Cc: Matthias Braun | Provectus ***@***.***>; Mention ***@***.***>
Subject: Re: [Azure/iotedge] Severe Vulnerabilities in Moby BuildKit and OCI runc: CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 (Issue #7215)
Hi @Prov-Matthias<https://github.com/Prov-Matthias>, I am a PM on the EFLOW team. Apologies for not seeing your GitHub request in that repo, the patched runc is included in the latest EFLOW release from early February<https://github.com/Azure/iotedge-eflow/releases>.
—
Reply to this email directly, view it on GitHub<#7215 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANT27HHDXX5QT3WLUI5PBXDYV76LHAVCNFSM6AAAAABDHV45CWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZQGM3DKNZUGI>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
Der Inhalt dieser Email ist nur im Rahmen der geschäftlichen Erfordernisse und unter Beachtung vertraglicher Verpflichtungen (z.B. NDA) zu nutzen. Sollten Sie diese E-mail fälschlicherweise erhalten haben, ohne dass Sie der berechtigte Adressat sind, bitten wir Sie höflich, den Absender sofort zu informieren und diese E-Mail nebst Anlagen umgehend zu vernichten. Zur Klassifizierung der Informationen nutzen wir das sog. Traffic Light Protocol (TLP). Informationen zur Handhabung finden sie unter www.provectus.de/tlp<https://www.provectus.de/tlp>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello everyone,
is IoT Edge (EFLWO) affected and if so, until when will there be an update?
Detailed background
https://socradar.io/severe-vulnerabilities-in-moby-buildkit-and-oci-runc-cve-2024-23651-cve-2024-23652-cve-2024-23653-cve-2024-21626/
This release contains security fixes for the following CVEs
affecting Docker Engine and its components: https://github.com/moby/moby/releases/tag/v25.0.2
Thanks!
Kind regards,
Matthias
I posted the same issue in the iotedge-eflow repo last week and still haven't received a response. Is this issue not being tracked?
The text was updated successfully, but these errors were encountered: