You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa containerd

Sigurnosni nedostatak programskog paketa containerd

==========================================================================
Ubuntu Security Notice USN-4589-1
October 15, 2020

containerd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

containerd could be made to expose sensitive information over the
network.

Software Description:
– containerd: daemon to control containers

Details:

It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user’s registry credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
containerd 1.2.6-0ubuntu1~16.04.4

After a standard system update you need to restart containerd to make
all the necessary changes.

References:
https://usn.ubuntu.com/4589-1
CVE-2020-15157

Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.4
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+Is8UACgkQbUp5kL3i
zGa56BAAlAwCm0XG51HR7vFUULYV6+T4XRu2I8yN0KWAfcepTv0nvm7r5/rIF5rb
CgmBHt9fAVEn9omlTf9bJapl/R6i3yvCyPTf2IxZ2PYACPuKdKhoRm8nEeTrV9pS
MEkwWpQ6yNoavK83dO6a/yx8kowvfYNHa8RbFwCmGePRwG72OEECLhTDydEJQaLl
ear5E9q0Kx6S7AEVzSa3H95dvMP5yUjI0YLACnADkzZ66vzA86awQHJvEXv2HfEQ
rBYtDOSyerydC1ljSCWyKvUXh9A+r5AdHMbs/aXHSLyJt3CVvt1oh+6bbqRMMglp
Y+WzQWbvthq3n3pdbY4GfIf60QzRTcAK9BguIlFAvmnC3GkCLjB5eCcPQfpDtb0i
XUsH9kCTr4hxZeWdYX2uLahxenTtJ+UEATkCNG6XFuRHL74bUZyVlOAf6KVM+SyB
ckkE86yk0n5U5K6xwmgjuX7DAjwXoieGbwDI+y22jhcYnuBYdbn0yOyUkHKWNmGd
sqH08a0tnSVxa9Brg4r2MlQ0h+Iqg35sZcRX5vTKnlex1f5Q/7SFSeBcYZWlSt5s
ar1m+fhdJ/36eXI7Vs1CIgAPwjwYO7kznDLqZvr4XlIZp//vNPjCsVcZzOoxcHPh
X67AgvcaC59rJ+PaE1LOElALzqOn92MjO5xirI72UMZbxVqgPq8=
=3GBc
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda,...

Close