Description
Security update for cadvisor
This update for cadvisor fixes the following issues:
- update to 0.52.1:
  - Make resctrl optional/pluggable
- update to 0.52.0:
  - bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6
  - chore: Update Prometheus libraries
  - bump runc to v1.2.4
  - Add Pressure Stall Information Metrics
  - Switch to opencontainers/cgroups repository (includes update from golang 1.22 to 1.24)
  - Bump to newer opencontainers/image-spec @ v1.1.1
- update to 0.49.2:
  - Cp fix test
  - Revert 'reduce_logs_for_kubelet_use_crio'
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239291)
- Update to version 0.49.1:
  - build docker - add --provenance=false flag
  - Remove s390x support
  - Disable libipmctl in build
  - Upgrade base image to 1.22 and alpine 3.18
  - fix type of C.malloc in cgo
  - Bump runc to v1.1.12
  - Bump to bullseye
  - Remove section about canary image
  - Add note about WebUI auth
  - Remove mentions of accelerator from the docs
  - reduce_logs_for_kubelet_use_crio
  - upgrade actions/checkout and actions/setup-go and actions/upload-artifact
  - build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /cmd
  - add cadvisor and crio upstream changes
  - Avoid using container/podman in manager.go
  - container: skip checking for files in non-existent directories.
  - Adjust the log level of Initialize Plugins
  - add ignored device
  - fix: variable naming
  - build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /cmd
  - manager: require higher verbosity level for container info misses
  - Information should be logged on increased verbosity only
  - Running go mod tidy
  - Running go mod tidy
  - Running go mod tidy
  - container/libcontainer: Improve limits file parsing perf
  - container/libcontainer: Add limit parsing benchmark
  - build(deps): bump github.com/cyphar/filepath-securejoin in /cmd
  - build(deps): bump github.com/cyphar/filepath-securejoin
  - Set verbosity after flag definition
  - fix: error message typo
  - vendor: bump runc to 1.1.9
  - Switch to use busybox from registry.k8s.io
  - Bump golang ci lint to v1.54.1
  - Bump github.com/docker/docker in /cmd
  - Bump github.com/docker/docker
  - Bump github.com/docker/distribution in /cmd
  - Bump github.com/docker/distribution
  - Update genproto dependency to isolated submodule
  - remove the check for the existence of NFS files, which will cause unnecessary requests.
  - reduce inotify watch
  - fix performance degradation of NFS
  - fix: fix type issue
  - fix: fix cgo memory leak
  - ft: export memory kernel usage
  - sysinfo: Ignore 'hidden' sysfs device entries
  - Increasing required verbosity level
  - Patch to fix issue 2341
  - podman support: Enable Podman support.
  - podman support: Create Podman handler.
  - podman support: Changes in Docker handler.
  - unit test: machine_swap_bytes
  - Add documentation for machine_swap_bytes metric
  - Add a machine_swap_bytes metric
  - fix: add space trimming for label allowlist
  - Upgrade to blang/semver/v4 v4.0.0
  - docs(deploy/k8s): remote build for kustomize
  - Update dependencies
  - Change filepaths to detect online CPUs
  - Update actions/checkout to v3
  - Fix flags typo
  - Updating location of kubernetes/pause image
  - Using t.TempDir() in tests
  - Unit test: MachineInfo Clone() method
  - Bugfix: MachineInfo Clone() - clone SwapCapacity
  - Optimize network metrics collection
  - Removing calls to deprecated io/ioutil package
  - Updating minimum Go version to 1.19
  - Request the pid of another container if current pid is no longer valid
  - Restructure
  - Add CRI-O client timeout setting
  - Set containerd grpc.MaxCallRecvMsgSize to 16MB
  - Fix asset build
  - feat(logging): add verbosity to non-NUMA node warning
  - add nerdctl to ignoredDevices
  - nvm: Change the 'no NVM devices' log.
  - nvm: Fix typo.
  - Fix CVE-2022-27664 (#3248)
  - resctrl: Reduce size and mode files check (#3264)
  - readme: Update Creatone contributor info. (#3265)
  - Fix comment to refer to correct client
  - build: bump golang to 1.20
  - ci: Update golang ci-lint to v1.51.2
  - build: Update shebang to python3
  - Revert 'dockerfile: Fix typo in go build tags.'
  - Decreasing verbosity level for 'Cannot read vendor id correctly, set empty'
  - dockerfile: Fix typo in go build tags.
  - deps: Move from cloud.google.com/go/compute -> cloud.google.com/go
  - use memory.min for reservation memory instead of high
  - Mark GOPATH as git safe.directory to fix CI build
  - switch to gomodule/redigo from garyburd/redigo
  - update go.mod/sum both in root and cmd/
  - Drop accelerator metrics and nvidia integration
  - Add s390x support for docker image
  - typo in MachineInfo spec for SwapCapacity
  - add support for swap in machine/info
Package list
SUSE Package Hub 15 SP6
cadvisor-0.52.1-bp156.3.3.1
openSUSE Leap 15.6
cadvisor-0.52.1-bp156.3.3.1
References
- E-Mail link for openSUSE-SU-2025:0103-1
- SUSE Security Ratings
- SUSE Bug 1222192
- SUSE Bug 1239291
- SUSE CVE CVE-2022-27664 page
- SUSE CVE CVE-2025-22868 page
Description
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Affected products
SUSE Package Hub 15 SP6:cadvisor-0.52.1-bp156.3.3.1
openSUSE Leap 15.6:cadvisor-0.52.1-bp156.3.3.1
References
- CVE-2022-27664
- SUSE Bug 1203185
- SUSE Bug 1203293
Description
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Affected products
SUSE Package Hub 15 SP6:cadvisor-0.52.1-bp156.3.3.1
openSUSE Leap 15.6:cadvisor-0.52.1-bp156.3.3.1
References
- CVE-2025-22868
- SUSE Bug 1239186