==========================================================================
Ubuntu Security Notice USN-4589-1
October 15, 2020

containerd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

containerd could be made to expose sensitive information over the
network.

Software Description:
– containerd: daemon to control containers

Details:

It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user’s registry credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
containerd 1.2.6-0ubuntu1~16.04.4

After a standard system update you need to restart containerd to make
all the necessary changes.

References:
https://usn.ubuntu.com/4589-1
CVE-2020-15157

Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.4
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+Is8UACgkQbUp5kL3i
zGa56BAAlAwCm0XG51HR7vFUULYV6+T4XRu2I8yN0KWAfcepTv0nvm7r5/rIF5rb
CgmBHt9fAVEn9omlTf9bJapl/R6i3yvCyPTf2IxZ2PYACPuKdKhoRm8nEeTrV9pS
MEkwWpQ6yNoavK83dO6a/yx8kowvfYNHa8RbFwCmGePRwG72OEECLhTDydEJQaLl
ear5E9q0Kx6S7AEVzSa3H95dvMP5yUjI0YLACnADkzZ66vzA86awQHJvEXv2HfEQ
rBYtDOSyerydC1ljSCWyKvUXh9A+r5AdHMbs/aXHSLyJt3CVvt1oh+6bbqRMMglp
Y+WzQWbvthq3n3pdbY4GfIf60QzRTcAK9BguIlFAvmnC3GkCLjB5eCcPQfpDtb0i
XUsH9kCTr4hxZeWdYX2uLahxenTtJ+UEATkCNG6XFuRHL74bUZyVlOAf6KVM+SyB
ckkE86yk0n5U5K6xwmgjuX7DAjwXoieGbwDI+y22jhcYnuBYdbn0yOyUkHKWNmGd
sqH08a0tnSVxa9Brg4r2MlQ0h+Iqg35sZcRX5vTKnlex1f5Q/7SFSeBcYZWlSt5s
ar1m+fhdJ/36eXI7Vs1CIgAPwjwYO7kznDLqZvr4XlIZp//vNPjCsVcZzOoxcHPh
X67AgvcaC59rJ+PaE1LOElALzqOn92MjO5xirI72UMZbxVqgPq8=
=3GBc
—–END PGP SIGNATURE—–
—