USN-5100-1: containerd vulnerability
4 October 2021
containerd would allow unintended access to files.
- containerd - daemon to control runC
It was discovered that containerd insufficiently restricted permissions on
container root and plugin directories. If a user or automated system were
tricked into launching a specially crafted container image, a remote
attacker could traverse directory contents, modify files, and execute
programs on the host filesystem, possibly leading to privilege escalation.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart containerd to make
all the necessary changes.
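
To check a host for the permission problem described above, the following added example (not part of the original notice) lists directories at or just below the containerd root that grant any permission bit to "other" users. The default root path /var/lib/containerd, the function name and the search depth of 2 are assumptions; adjust them to the host's configuration.

```shell
#!/bin/sh
# Added example, not from the notice or the containerd project.
# Flags directories at or just below a containerd root that grant read,
# write or traverse (execute) permission to "other" users.

# Assumption: upstream default root; a host's config may set another path.
CONTAINERD_ROOT_DEFAULT=/var/lib/containerd

# audit_containerd_dirs [ROOT] [DEPTH]
#   Prints one offending directory per line, sorted.
#   Returns 0 if none found, 1 if findings exist, 2 if ROOT is unusable.
audit_containerd_dirs() {
    root=${1:-$CONTAINERD_ROOT_DEFAULT}
    depth=${2:-2}   # assumption: root itself, plugin dirs, and one level below

    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # -perm -001 / -002 / -004 match the other-execute, other-write and
    # other-read bits. The depth limit keeps the search out of container
    # filesystems, whose internal modes are expected to vary.
    findings=$(find "$root" -maxdepth "$depth" -type d \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print | sort)

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (as root, after updating and restarting containerd):
#   audit_containerd_dirs /var/lib/containerd
```

Directories reported here are worth comparing against a freshly installed, patched host before changing any modes.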