Fedora Linux 8811 Published by

A crun security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: crun-0.19.1-2.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ec00da7faa
2021-04-24 18:04:51.466052
--------------------------------------------------------------------------------

Name : crun
Product : Fedora 33
Version : 0.19.1
Release : 2.fc33
URL :   https://github.com/containers/crun
Summary : OCI runtime written in C
Description :
crun is a runtime for running OCI containers

--------------------------------------------------------------------------------
Update Information:

- crun and runc both `Provides: oci-runtime`. - containers-common now has
`Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by
default unless runc is already installed. ---- buildah: Security fix for
CVE-2021-20291 Autobuilt v1.20.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 22 2021 Lokesh Mandvekar - 0.19.1-2
- rebuild for new bodhi
* Thu Apr 22 2021 Giuseppe Scrivano - 0.19.1-1
- built version 0.19.1
* Tue Apr 13 2021 Lokesh Mandvekar - 0.19-2
- unversioned Provides: oci-runtime
- runc package will also provide an unversioned Provides: oci-runtime.
- user should pull in runc separately or else it will install crun by default
(alphabetical order)
- similar situation as caddy, httpd, lighttpd and nginx having Provides:
webserver
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
  https://bugzilla.redhat.com/show_bug.cgi?id=1939485
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ec00da7faa' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys