UbuntuUpdates.org

Package "containerd"

Name: containerd

Description:

daemon to control runC

Latest version: 1.6.12-0ubuntu1~20.04.3
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://containerd.io

Links


Download "containerd"


Other versions of "containerd" in Focal

Repository Area Version
base main 1.3.3-0ubuntu2
updates main 1.7.12-0ubuntu2~20.04.1
proposed main 1.7.24-0ubuntu1~20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.6.12-0ubuntu1~20.04.3 2023-07-05 09:07:04 UTC

  containerd (1.6.12-0ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through image processing
    - debian/patches/CVE-2023-25153.patch: limit the amount of
      bytes read to 20Mb in images/archive/importer.go.
    - CVE-2023-25153
  * SECURITY UPDATE: Incorrect supplementary group access control
    - debian/patches/CVE-2023-25173.patch: ensure that primary GID
      is included in the list of additionals GIDs in oci/spec_opts.go.
    - CVE-2023-25173
  * d/p/skip-test-setting-OOM-score-to-negative-number-in-unprivileged-mode.patch:
    fix a FTBFS in Ubuntu builders only.

 -- David Fernandez Gonzalez <email address hidden> Mon, 03 Jul 2023 16:20:54 +0200

Source diff to previous version
CVE-2023-25153 containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of b
CVE-2023-25173 containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not

Version: 1.5.9-0ubuntu1~20.04.6 2022-12-13 10:07:20 UTC

  containerd (1.5.9-0ubuntu1~20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: Memory exhaustion through Exec
    - debian/patches/CVE-2022-23471.patch: Prevent goroutine leak in Exec
      in pkg/cri/streaming/remotecommand/httpstream.go.
    - CVE-2022-23471
  * SECURITY UPDATE: Privilege escalation by inheritable file capabilities.
    - debian/patches/CVE-2022-24769.patch: Unassign the Inheritable
      capability in oci/spec.go and oci/spec_opts.go.
    - CVE-2022-24769
  * SECURITY UPDATE: Improper access to images due to imgcrypt.
    - debian/patches/CVE-2022-24778.patch: perform proper
      authentication by adding platforms in
      vendor/github.com/containerd/imgcrypt/images/
      encryption/encryption.go.
    - CVE-2022-24778
  * SECURITY UPDATE: Memory exhaustion through ExecSync.
    - debian/patches/CVE-2022-31030.patch: limit the response size
      of ExecSync in pkg/cri/server/container_execsync.go.
    - CVE-2022-31030

 -- David Fernandez Gonzalez <email address hidden> Mon, 12 Dec 2022 10:14:54 +0100

Source diff to previous version
CVE-2022-23471 containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In th
CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to
CVE-2022-24778 The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for
CVE-2022-31030 containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause th

Version: 1.5.9-0ubuntu1~20.04.5 2022-11-15 16:06:22 UTC

  containerd (1.5.9-0ubuntu1~20.04.5) focal-security; urgency=medium

  * No-change rebuild due to golang-1.13 update

 -- David Fernandez Gonzalez <email address hidden> Tue, 11 Oct 2022 02:43:53 +0200

Source diff to previous version

Version: 1.5.9-0ubuntu1~20.04.4 2022-05-16 16:06:19 UTC

  containerd (1.5.9-0ubuntu1~20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    volumes. (LP: #1973054)
    - CVE-2022-23648

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 12 May 2022 13:42:43 +0000

Source diff to previous version
1973054 containerd regression for CVE-2022-23648 in latest version 1.5.9-0ubuntu1~20.04.1
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.1

Version: 1.5.5-0ubuntu3~20.04.2 2022-03-02 20:06:34 UTC

  containerd (1.5.5-0ubuntu3~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    volumes.
    - CVE-2022-23648

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 25 Feb 2022 20:15:25 +0000




About   -   Send Feedback to @ubuntu_updates