Bug 2343213 - CVE-2024-8676 cri-o: Checkpoint restore can be triggered from different namespaces [fedora-all]
Keywords:
Status: MODIFIED
Alias: None
Product: Fedora
Classification: Fedora
Component: cri-o
Version: 41
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Peter Hunt
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["669d11e1-7d6a-4fff-9beb-f...
Depends On:
Blocks: CVE-2024-8676
Reported: 2025-01-31 15:31 UTC by Vipul Nair
Modified: 2025-01-31 21:09 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:



Description Vipul Nair 2025-01-31 15:31:51 UTC
More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2313842

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Brad Smith 2025-01-31 21:09:04 UTC
cri-o1.29 is at CRI-O v1.29.12 in rawhide and F41.
cri-o1.30 is at CRI-O v1.30.9 in rawhide and F41.
cri-o1.31 is at CRI-O v1.31.4 in rawhide and F41.

The cri-o package (unversioned) is at v1.30.6 in F41 (vulnerable). A pull request to update to v1.30.9 (fixed) is available.

An upgrade request is needed to update the cri-o package in F40 from unsupported v1.28.2 to v1.29.12 (or later).

