packages/cri-o
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!43 Fix CVE-2022-4318

Browse Source 
From: @northgarden 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
This commit is contained in:
openeuler-ci-bot 2024-04-01 05:41:47 +00:00 committed by Gitee
commit e48d787018
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0002-fix-CVE-2022-4318.patch Normal file
View File

@ -0,0 +1,26 @@
From 6de3c05eb6cbb0e98c64bb92bc848a99436c363c Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Wed, 13 Mar 2024 09:39:27 +0800
Subject: [PATCH] fix CVE-2022-4318
---
server/container_create.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/server/container_create.go b/server/container_create.go
index 520efc7..30f9ba5 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -196,6 +196,9 @@ func setupContainerUser(ctx context.Context, specgen *generate.Generator, rootfs
for _, env := range specgen.Config.Process.Env {
if strings.HasPrefix(env, "HOME=") {
homedir = strings.TrimPrefix(env, "HOME=")
+ if idx := strings.Index(homedir, `\n`); idx > -1 {
+ return fmt.Errorf("invalid HOME environment; newline not allowed")
+ }
break
}
}
--
2.20.1

9
cri-o.spec
View File

@ -21,7 +21,7 @@
Name: cri-o Name: cri-o
Version: 1.23.2 Version: 1.23.2
Epoch: 0 Epoch: 0
Release: 3 Release: 4
Summary: Open Container Initiative-based implementation of Kubernetes Container Runtime Interface Summary: Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
License: ASL 2.0 License: ASL 2.0
URL: https://github.com/cri-o/cri-o URL: https://github.com/cri-o/cri-o
@ -30,6 +30,7 @@ Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
Patch0: backport-CVE-2022-2995.patch Patch0: backport-CVE-2022-2995.patch
Patch0001: 0001-fix-CVE-2022-27652.patch Patch0001: 0001-fix-CVE-2022-27652.patch
Patch0002: 0002-fix-CVE-2022-4318.patch
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}} ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
BuildRequires: golang >= 1.17, git-core, glib2-devel, glibc-static, openEuler-rpm-config BuildRequires: golang >= 1.17, git-core, glib2-devel, glibc-static, openEuler-rpm-config
@ -160,6 +161,12 @@ install -dp %{buildroot}%{_sharedstatedir}/containers
%{_datadir}/zsh/site-functions/_%{service_name}* %{_datadir}/zsh/site-functions/_%{service_name}*
%changelog %changelog
* Wed Mar 13 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.23.2-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2022-4318
* Mon Apr 1 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.23.2-3 * Mon Apr 1 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.23.2-3
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA