Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: 2025-76012a9a99 critical: multiple container issues

fedora
Calendar Grey February 9, 2025
Dist Fedora Esm H88
The upgrade to Fedora 40's NVIDIA toolkit version 1.17.3 resolves various security vulnerabilities and improves overall container safety.
Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6...

Summary

The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU

accelerated containers. The toolkit includes a container runtime library and

utilities to automatically configure containers to leverage NVIDIA GPUs.

Update Information:

Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4

Topics%20covered

Topics Covered

security advisory software update Fedora vulnerability CVE fix container security NVIDIA toolkit

Change Log

* Wed Jan 29 2025 Debarshi Ray - 1.17.3-1 - Update to 1.17.3 * Wed Jan 29 2025 Debarshi Ray - 1.17.2-1 - Update to 1.17.2 * Tue Jan 28 2025 Debarshi Ray - 1.17.1-1 - Update to 1.17.1 * Fri Jan 24 2025 Debarshi Ray - 1.17.0-1 - Update to 1.17.0 * Fri Jan 24 2025 Debarshi Ray - 1.16.2-2 - Synchronize linker flags with upstream

References


[ 1 ] Bug #2324082 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2324082 [ 2 ] Bug #2342483 - CVE-2024-0135 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342483 [ 3 ] Bug #2342487 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342487 [ 4 ] Bug #2342491 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342491

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-76012a9a99' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-github-nvidia-container-toolkit
Product: Fedora 40
Version: 1.17.3
Release: 1.fc40
URL: https://github.com/NVIDIA/nvidia-container-toolkit
Summary: Build and run containers leveraging NVIDIA GPUs

Topics%20covered

Topics Covered

security advisory software update Fedora vulnerability CVE fix container security NVIDIA toolkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here