USN-5100-1: containerd vulnerability
4 October 2021
containerd would allow unintended access to files.
Releases
Packages
- containerd - daemon to control runC
Details
It was discovered that containerd insufficiently restricted permissions on
container root and plugin directories. If a user or automated system were
tricked into launching a specially crafted container image, a remote
attacker could traverse directory contents and modify files and execute
programs on the host filesystem, possibly leading to privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04
After a standard system update you need to restart containerd to make
all the necessary changes.
References
Related notices
- USN-5521-1: golang-github-docker-containerd-dev, containerd