Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/netavark: security bump to v1.16.1

Browse Source 
Even though this is not mentioned in the release notes:
- https://github.com/containers/netavark/releases/tag/v1.16.0
- https://github.com/containers/netavark/releases/tag/v1.16.1

According to https://bugzilla.redhat.com/show_bug.cgi?id=2383941,
the fix for the CVE has been merged upstream, and is in netavark
since v1.16.0.

This fixes the following vulnerability:
- CVE-2025-8283:
    A vulnerability was found in the netavark package, a network stack for
    containers used with Podman. Due to dns.podman search domain being
    removed, netavark may return external servers if a valid A/AAAA record
    is sent as a response. When creating a container with a given name,
    this name will be used as the hostname for the container itself, as
    the podman's search domain is not added anymore the container is using
    the host's resolv.conf, and the DNS resolver will try to look into the
    search domains contained on it. If one of the domains contain a name
    with the same hostname as the running container, the connection will
    forward to unexpected external servers.
    https://www.cve.org/CVERecord?id=CVE-2025-8283

Also bump package/aardvark-dns in the same lockstep, as advised in
the packages .mk version comments.

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Titouan Christophe
2025-09-03 12:12:53 +02:00
committed by Peter Korsgaard
parent f55145837e
commit c7a8c85d45
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/aardvark-dns/aardvark-dns.hash
View File

@@ -1,3 +1,3 @@
# Locally computed
sha256 d38758c5cf1a732d34c8bcf8f4d3d49d308903206082721c6099daf89fcca87f aardvark-dns-v1.15.0-git4-cargo4.tar.gz
sha256 629df64d5d713b5b78cf8d9387de12d84b88103a8581457e60c7697cf64ad83c aardvark-dns-v1.16.0-git4-cargo4.tar.gz
sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE

2
package/aardvark-dns/aardvark-dns.mk
View File

@@ -5,7 +5,7 @@
################################################################################
# When updating the version here, also update netavark in lockstep
AARDVARK_DNS_VERSION = v1.15.0
AARDVARK_DNS_VERSION = v1.16.0
AARDVARK_DNS_SITE = https://github.com/containers/aardvark-dns
AARDVARK_DNS_SITE_METHOD = git

2
package/netavark/netavark.hash
View File

@@ -1,3 +1,3 @@
# Locally computed
sha256 1a530b275d73c937c63d513bfe3f5ac3651b9346fdf98411b16fdcf9e1cd59b0 netavark-v1.15.2-git4-cargo4.tar.gz
sha256 1eb17a5ed223928bdd433e0eb8518682ae71dd02981019fb726a9330d7166b2d netavark-v1.16.1-git4-cargo4.tar.gz
sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE

2
package/netavark/netavark.mk
View File

@@ -5,7 +5,7 @@
################################################################################
# When updating the version here, also update aardvark-dns in lockstep
NETAVARK_VERSION = v1.15.2
NETAVARK_VERSION = v1.16.1
NETAVARK_SITE = https://github.com/containers/netavark
NETAVARK_SITE_METHOD = git