-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-76012a9a99 2025-02-09 01:30:07.778474+00:00 -------------------------------------------------------------------------------- Name : golang-github-nvidia-container-toolkit Product : Fedora 40 Version : 1.17.3 Release : 1.fc40 URL : https://github.com/NVIDIA/nvidia-container-toolkit Summary : Build and run containers leveraging NVIDIA GPUs Description : The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs. -------------------------------------------------------------------------------- Update Information: Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.17.3-1 - Update to 1.17.3 * Wed Jan 29 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.17.2-1 - Update to 1.17.2 * Tue Jan 28 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.17.1-1 - Update to 1.17.1 * Fri Jan 24 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.17.0-1 - Update to 1.17.0 * Fri Jan 24 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.16.2-2 - Synchronize linker flags with upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324082 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2324082 [ 2 ] Bug #2342483 - CVE-2024-0135 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342483 [ 3 ] Bug #2342487 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342487 [ 4 ] Bug #2342491 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342491 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-76012a9a99' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
