UbuntuUpdates.org

Package "golang-github-containerd-containerd-dev"

Name: golang-github-containerd-containerd-dev

Description:

runC develpoment files
Latest version: 1.6.12-0ubuntu1~22.04.7
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: containerd
Homepage: https://containerd.io

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "golang-github-containerd-containerd-dev"

All arch deb package
APT INSTALL

Other versions of "golang-github-containerd-containerd-dev" in Jammy

Repository Area Version
base universe 1.5.9-0ubuntu3
security universe 1.6.12-0ubuntu1~22.04.7

Changelog

Version: 1.5.9-0ubuntu3.1 2022-12-13 11:06:52 UTC

  containerd (1.5.9-0ubuntu3.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Memory exhaustion through Exec
    - debian/patches/CVE-2022-23471.patch: Prevent goroutine leak in Exec
      in pkg/cri/streaming/remotecommand/httpstream.go.
    - CVE-2022-23471
  * SECURITY UPDATE: Privilege escalation by inheritable file capabilities.
    - debian/patches/CVE-2022-24769.patch: Unassign the Inheritable
      capability in oci/spec.go and oci/spec_opts.go.
    - CVE-2022-24769
  * SECURITY UPDATE: Improper access to images due to imgcrypt.
    - debian/patches/CVE-2022-24778.patch: perform proper
      authentication by adding platforms in
      vendor/github.com/containerd/imgcrypt/images/
      encryption/encryption.go.
    - CVE-2022-24778
  * SECURITY UPDATE: Memory exhaustion through ExecSync.
    - debian/patches/CVE-2022-31030.patch: limit the response size
      of ExecSync in pkg/cri/server/container_execsync.go.
    - CVE-2022-31030

 -- David Fernandez Gonzalez <email address hidden> Mon, 12 Dec 2022 11:31:33 +0100
CVE-2022-23471 containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In th
CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to
CVE-2022-24778 The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for
CVE-2022-31030 containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause th


About   -   Send Feedback to @ubuntu_updates