Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 41: 2025-a15b07073f critical: golang NVIDIA container issues

fedora
Calendar Grey February 8, 2025
Dist Fedora Esm H88
Fedora 41's update bolsters the security of the golang-github-nvidia-container-toolkit, vital for handling GPU resources in containers with improved access controls and logging
Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6...

Summary

The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU

accelerated containers. The toolkit includes a container runtime library and

utilities to automatically configure containers to leverage NVIDIA GPUs.

Update Information:

Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4

Change Log

* Wed Jan 29 2025 Debarshi Ray - 1.17.3-1 - Update to 1.17.3 * Wed Jan 29 2025 Debarshi Ray - 1.17.2-1 - Update to 1.17.2 * Tue Jan 28 2025 Debarshi Ray - 1.17.1-1 - Update to 1.17.1 * Fri Jan 24 2025 Debarshi Ray - 1.17.0-1 - Update to 1.17.0 * Fri Jan 24 2025 Debarshi Ray - 1.16.2-2 - Synchronize linker flags with upstream

References


[ 1 ] Bug #2324084 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2324084 [ 2 ] Bug #2342485 - CVE-2024-0135 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342485 [ 3 ] Bug #2342489 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342489 [ 4 ] Bug #2342493 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342493

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a15b07073f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-github-nvidia-container-toolkit
Product: Fedora 41
Version: 1.17.3
Release: 1.fc41
Summary: Build and run containers leveraging NVIDIA GPUs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here