[ubuntu/bionic-security] containerd 1.5.9-0ubuntu1~18.04.2 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Tue Dec 13 07:44:05 UTC 2022


containerd (1.5.9-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Memory exhaustion through Exec
    - debian/patches/CVE-2022-23471.patch: Prevent goroutine leak in Exec
      in pkg/cri/streaming/remotecommand/httpstream.go.
    - CVE-2022-23471
  * SECURITY UPDATE: Privilege escalation by inheritable file capabilities.
    - debian/patches/CVE-2022-24769.patch: Unassign the Inheritable
      capability in oci/spec.go and oci/spec_opts.go.
    - CVE-2022-24769
  * SECURITY UPDATE: Improper access to images due to imgcrypt.
    - debian/patches/CVE-2022-24778.patch: perform proper
      authentication by adding platforms in 
      vendor/github.com/containerd/imgcrypt/images/
      encryption/encryption.go.
    - CVE-2022-24778
  * SECURITY UPDATE: Memory exhaustion through ExecSync.
    - debian/patches/CVE-2022-31030.patch: limit the response size
      of ExecSync in pkg/cri/server/container_execsync.go.
    - CVE-2022-31030

containerd (1.5.9-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/control: b-d on golang-1.13-go instead of golang-go.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.

containerd (1.5.9-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1946851, #1955413).
  * Remove patches applied by upstream.

containerd (1.5.5-0ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
      snapshots/btrfs/btrfs.go.
    - CVE-2021-41103

Date: 2022-12-12 15:41:09.075462+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/containerd/1.5.9-0ubuntu1~18.04.2