USN-5012-1: containerd vulnerabilities
20 July 2021
containerd could be made to overwrite file permissions.
- containerd - daemon to control runC
It was discovered that containerd incorrectly handled file permission
changes. If a user or automated system were tricked into launching a
specially crafted container image, a remote attacker could change
permissions on files on the host filesystem and possibly escalate
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart containerd to make
all the necessary changes.