USN-5100-1: containerd vulnerability

04 October 2021

containerd would allow unintended access to files.

Releases

Packages

Details

It was discovered that containerd insufficiently restricted permissions on
container root and plugin directories. If a user or automated system were
tricked into launching a specially crafted container image, a remote
attacker could traverse directory contents and modify files and execute
programs on the host filesystem, possibly leading to privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04

After a standard system update you need to restart containerd to make
all the necessary changes.

References