20.10.16
(2023-04-04)
Components

| Component | Version |
|---|---|
| Mirantis Container Runtime | 20.10.16 |
| | 0.3.1 |
| Golang runtime | |
Security
Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842.
A lack of kernel support for encrypted overlay networks now reports as an error.
Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.
Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the `xt_bpf` kernel module.
Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred. In addition, you can consult Mirantis KB000009856 for temporary mitigation instructions.
Packaging
Updated Fipster (Go runtime) to version go1.19.7m3.
Fixes for Go CVEs: CVE-2022-41724, CVE-2022-41723, CVE-2022-41725, CVE-2022-41722, and CVE-2023-24532.
Fixes for FIPS module CVEs: CVE-2023-0286, CVE-2023-0215, and CVE-2022-4304.
Early backport of Go CL 478660 to solve a regression related to `RLIMIT_NOFILE`.
Updated containerd to version 1.6.19.
Updated Docker Buildx to v0.10.4.
Updated cri-dockerd to 0.3.1.