[ubuntu/bionic-security] containerd 1.5.5-0ubuntu3~18.04.2 (Accepted)

Paulo Flabiano Smorigo pfsmorigo at canonical.com
Wed Mar 2 19:14:23 UTC 2022

containerd (1.5.5-0ubuntu3~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    - CVE-2022-23648

containerd (1.5.5-0ubuntu3~18.04.1) bionic; urgency=medium

  * Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/control: b-d on golang-1.13-go instead of golang-go.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the

containerd (1.5.5-0ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
    - CVE-2021-41103

containerd (1.5.5-0ubuntu2) impish; urgency=medium

  * d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
    to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
    (LP: #1943049).

containerd (1.5.5-0ubuntu1) impish; urgency=medium

  * New upstream release.
  * Bump debhelper compatibility level to 11.
    - d/rules: remove the unneeded --with=systemd from the dh call.
    - d/rules: override dh_installsystemd instead of dh_installinit.

containerd (1.5.2-0ubuntu1) impish; urgency=medium

  * New upstream release.
  * d/p/skip-tests-with-privilege.patch: add a patch to skip tests which
    require a certain level of privilege not achievable in the build

Date: 2022-02-25 20:23:12.460674+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list