Overview

File _patchinfo of Package patchinfo.27261

<patchinfo incident="27261">
  <issue tracker="cve" id="2022-1708"/>
  <issue tracker="bnc" id="1200285">VUL-0: CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube API</issue>
  <packager>dancermak</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for conmon</summary>
  <description>This update for conmon fixes the following issues:

conmon was updated to version 2.1.5:

* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement

Update to version 2.1.4:

* Fix a bug where conmon crashed when it got a SIGCHLD

update to 2.1.3:

* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max 

Update to version 2.1.2:

* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level

Update to version 2.1.0

* logging: buffer partial messages to journald
* exit: close all fds &gt;= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.

Update to version 2.0.32

* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command

Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places