[ubuntu/focal-security] containerd 1.6.12-0ubuntu1~20.04.3 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Wed Jul 5 07:02:51 UTC 2023

containerd (1.6.12-0ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through image processing
    - debian/patches/CVE-2023-25153.patch: limit the amount of
      bytes read to 20Mb in images/archive/importer.go.
    - CVE-2023-25153
  * SECURITY UPDATE: Incorrect supplementary group access control
    - debian/patches/CVE-2023-25173.patch: ensure that primary GID
      is included in the list of additionals GIDs in oci/spec_opts.go.
    - CVE-2023-25173
  * d/p/skip-test-setting-OOM-score-to-negative-number-in-unprivileged-mode.patch:
    fix a FTBFS in Ubuntu builders only.

containerd (1.6.12-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version 1.6.12-0ubuntu1 from Lunar (LP: #1996909, #1996534).
    - d/rules: set GO111MODULE to off.
    - d/control: b-d on golang-1.18-go instead of golang-go.
    - d/rules: build with Golang 1.18.
    - d/p/do-not-rebuild-manpage-during-installation.patch: avoid running go
      script during installation.

containerd (1.6.12-0ubuntu1) lunar; urgency=medium

  * New upstream release.
    - Fixes CVE-2022-23471.

containerd (1.6.10-0ubuntu1) lunar; urgency=medium

  * New upstream release (LP: #1993392).

containerd (1.6.4-0ubuntu1) kinetic; urgency=medium

  * New upstream release.
  * Remove patches applied by upstream:
    - d/p/build-with-go1.18.patch
    - d/p/CVE-2022-23648.patch
  * d/p/build-gen-manpages-instead-of-go-run.patch: add upstream patch to
    avoid calling go run to build manpages.
  * d/rules: fix DESTDIR and PREFIX variables.

containerd (1.5.9-0ubuntu3) jammy; urgency=medium

  * d/p/build-with-go1.18.patch: fix FTBFS with Go 1.18 (LP: #1965157).
    In Go 1.17 the module graph has been changed to enable pruning and lazy
    loading, some changes to go.{mod,sum} files are needed. We were delaying
    the fix of this issue but now is the time.

containerd (1.5.9-0ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    - CVE-2022-23648

containerd (1.5.9-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1946851, #1955413).
  * Remove patches applied by upstream.

Date: 2023-07-04 11:42:11.524066+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list