UbuntuUpdates.org

Package "containerd"

Name: containerd

Description:

daemon to control runC

Latest version: 1.5.9-0ubuntu1~20.04.4
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://containerd.io

Links


Download "containerd"


Other versions of "containerd" in Focal

Repository Area Version
base main 1.3.3-0ubuntu2
updates main 1.5.9-0ubuntu1~20.04.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.9-0ubuntu1~20.04.4 2022-05-16 16:06:19 UTC

  containerd (1.5.9-0ubuntu1~20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    volumes. (LP: #1973054)
    - CVE-2022-23648

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 12 May 2022 13:42:43 +0000

Source diff to previous version
1973054 containerd regression for CVE-2022-23648 in latest version 1.5.9-0ubuntu1~20.04.1
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.1

Version: 1.5.5-0ubuntu3~20.04.2 2022-03-02 20:06:34 UTC

  containerd (1.5.5-0ubuntu3~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    volumes.
    - CVE-2022-23648

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 25 Feb 2022 20:15:25 +0000

Source diff to previous version

Version: 1.5.2-0ubuntu1~20.04.3 2021-10-04 18:06:20 UTC

  containerd (1.5.2-0ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
      snapshots/btrfs/btrfs.go.
    - CVE-2021-41103

 -- Marc Deslauriers <email address hidden> Wed, 29 Sep 2021 06:48:46 -0400

Source diff to previous version
CVE-2021-41103 RESERVED

Version: 1.5.2-0ubuntu1~20.04.2 2021-07-20 12:06:23 UTC

  containerd (1.5.2-0ubuntu1~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: unexpected host file permission changes
    - debian/patches/1.5-Cleanup-lchmod-logic-in-archive.patch: cleanup
      lchmod logic in archive in archive/tar.go, archive/tar_freebsd.go,
      archive/tar_mostunix.go, archive/tar_test.go, archive/tar_unix.go,
      archive/tar_windows.go.
    - No CVE number yet

 -- Marc Deslauriers <email address hidden> Tue, 13 Jul 2021 12:55:38 -0400

Source diff to previous version

Version: 1.3.3-0ubuntu2.3 2021-03-17 15:07:15 UTC

  containerd (1.3.3-0ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: environment variables can leak between containers
    - debian/patches/CVE-2021-21334.patch: append envs from image config to
      empty slice to avoid env lost in
      vendor/github.com/containerd/cri/pkg/server/container_create.go.
    - CVE-2021-21334

 -- Marc Deslauriers <email address hidden> Thu, 11 Mar 2021 11:16:18 -0500

CVE-2021-21334 In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation



About   -   Send Feedback to @ubuntu_updates