diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml
index 1d043d111..b23104087 100644
--- a/etc/kayobe/apt.yml
+++ b/etc/kayobe/apt.yml
@@ -56,6 +56,11 @@ stackhpc_apt_repositories:
 suites: "{{ ansible_facts.distribution_release }}-security"
 components: main restricted universe multiverse
 architecture: amd64
+ - url: "{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_url }}"
+ suites: "pulp"
+ components: upload
+ architecture: amd64
+ trusted: yes
 - url: "{{ stackhpc_repo_docker_ce_ubuntu_url }}"
 suites: "{{ ansible_facts.distribution_release }}"
 components: stable
diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml
index aadd0baab..e3fd39b1f 100644
--- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml
+++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml
@@ -50,6 +50,7 @@ stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version
 stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
 stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}"
 stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}"
+stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: ""
 stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
 stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}"
 stackhpc_repo_centos_stream_9_openstack_yoga_version: "{{ stackhpc_pulp_repo_centos_stream__openstack_yoga_version }}"
diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml
index 97b9a1099..57825f73c 100644
--- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml
+++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml
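Review bot: `trusted: yes` on the new CVE-2024-6387 repository entry makes apt accept its packages without verifying a repository signature, so the integrity of the fix rests on the transport and on whoever can write to that Pulp path. None of the neighbouring entries visible in this hunk carries the flag. If the upload repository cannot be signed, record that above the entry, e.g. `# Unsigned Pulp upload repo: apt signature verification is skipped for this source`, and spell the boolean `trusted: true`. If it can be signed, drop `trusted` and point the entry at a key (Kayobe's repository format has a `signed_by` field, assuming this list is passed through unchanged). The list this entry belongs to starts outside the hunk.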
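Review bot: The empty string assigned to `stackhpc_repo_ubuntu_jammy_cve_2024_6387_version` has no comment explaining it, while every neighbouring `*_version` variable points at a `stackhpc_pulp_repo_*` pin. I would add a line such as `# Not versioned: CI consumes this repository at its base path` above it (adjusted to the real reason); the same applies to the identical additions in the ci-builder and ci-multinode hunks. With an empty version the URL built in stackhpc.yml stops at the base path, so CI is not pinned to a snapshot of this repository. Separately, the last context line here references `stackhpc_pulp_repo_centos_stream__openstack_yoga_version` where the other two environments use `..._stream_9_...`; it is worth checking whether that is a page artifact or an undefined variable.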
@@ -73,6 +73,7 @@ stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version
 stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
 stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}"
 stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}"
+stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: ""
 stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
 stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}"
 stackhpc_repo_centos_stream_9_openstack_yoga_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version }}"
diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml
index 0237ef91b..3563364c8 100644
--- a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml
+++ b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml
@@ -47,6 +47,7 @@ stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version
 stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
 stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}"
 stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}"
+stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: ""
 stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
 stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}"
 stackhpc_repo_centos_stream_9_openstack_yoga_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version }}"
diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml
index 713f71855..207c1f0eb 100644
--- a/etc/kayobe/pulp.yml
+++ b/etc/kayobe/pulp.yml
@@ -123,6 +123,14 @@ stackhpc_pulp_deb_repos: distributions: "jammy-security" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + - name: "Ubuntu jammy CVE-2024-6387" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-jammy-cve-2024-6387/" + distribution_name: "ubuntu-jammy-cve-2024-6387-" + base_path: "ubuntu-jammy-cve-2024-6387/" + components: "upload" + distributions: "pulp" + required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + # Third-party repositories - name: "Docker CE for Ubuntu" url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu/{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}" diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 1ca08dbff..b74648178 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -47,6 +47,10 @@ stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_ubuntu_jammy_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/jammy-security/{{ stackhpc_repo_ubuntu_jammy_security_version }}" stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_repo_distribution }}" +# Ubuntu jammy CVE-3034-6287 +stackhpc_repo_ubuntu_jammy_cve_2024_6387_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-jammy-cve-2024-6387/{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_version }}" +stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "{{ stackhpc_repo_distribution }}" + # Ubuntu Cloud Archive stackhpc_repo_ubuntu_cloud_archive_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-cloud-archive/{{ stackhpc_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" diff --git a/releasenotes/notes/ubuntu-fix-cve-2024-6387-648efedaeb288023.yaml b/releasenotes/notes/ubuntu-fix-cve-2024-6387-648efedaeb288023.yaml new file mode 100644 index 000000000..b90480105 --- /dev/null +++ b/releasenotes/notes/ubuntu-fix-cve-2024-6387-648efedaeb288023.yaml 
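Review bot: Syncing this repository is gated on `stackhpc_pulp_sync_ubuntu_jammy`, but the matching entry added to `stackhpc_apt_repositories` in apt.yml is unconditional as far as that hunk shows. Where jammy sync is switched off, hosts would presumably still receive an apt source pointing at a path the local Pulp never publishes, and the package index refresh would fail. Either put the same condition on the apt side or add a comment here, e.g. `# Keep in step with the CVE-2024-6387 entry in apt.yml`. The `url` also has no version component, unlike the Docker CE entry below it, so a short comment stating that this is deliberate would help. The list starts outside the hunk, so any filtering applied elsewhere is not visible.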
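Review bot: The added comment in stackhpc.yml reads `# Ubuntu jammy CVE-3034-6287`, which does not match the identifier used in the variable names and in every other file of this commit. It should read `# Ubuntu jammy CVE-2024-6387`. A wrong CVE id in the comment means a search for the advisory number misses the place where the repository URL and version are defined.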
@@ -0,0 +1,5 @@
+---
+security:
+ - |
+ Adds a custom Apt repository to address `CVE-2024-6387
+