==========================================================================
Ubuntu Security Notice USN-4653-1
November 30, 2020
containerd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
containerd could be made to crash or run programs as an administrator
if it opened a specially crafted file.
Software Description:
– containerd: daemon to control runC
Details:
It was discovered that access controls for the shim’s API socket did not
restrict access to the abstract unix domain socket in some cases. An attacker
could use this vulnerability to run containers with elevated privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
containerd 1.3.7-0ubuntu3.1
Ubuntu 20.04 LTS:
containerd 1.3.3-0ubuntu2.1
Ubuntu 18.04 LTS:
containerd 1.3.3-0ubuntu1~18.04.3
Ubuntu 16.04 LTS:
containerd 1.2.6-0ubuntu1~16.04.5
After a standard system update you need to restart containerd to make
all the necessary changes.
References:
https://usn.ubuntu.com/4653-1
CVE-2020-15257
Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.3.7-0ubuntu3.1
https://launchpad.net/ubuntu/+source/containerd/1.3.3-0ubuntu2.1
https://launchpad.net/ubuntu/+source/containerd/1.3.3-0ubuntu1~18.04.3
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.5
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl/FYl4ACgkQbUp5kL3i
zGZ40w/+JamG+ou/wtO61wOdBTjYmIAb/AuZfBnIsiKCnY85h7kVb2iRo/LQltsV
w+Qm1uKxXYPiZy631GwSo0g49TeroLaE8qH9KGjcrteMAnWfLBcIo/ZBY3yIxZbx
kItKWfVnwNPy9QVr/lO5sNzOWK3Tjs1bSGP9KVGOwiMyglJSGh7BksHxmxVJPsav
8Nt8G8yYv7/XtzMqDQ6dA1i/gkRCTFcP6w9Pktbf1HtGo+3K0kF/C8NPY3NIJVIT
eM6mimKnmck1OWnolGhMl2WSzNABZiTsNJNQ9mRiXYJXGfU1Lih7IO9SG5wkzXhf
VGr/ht2InfVW7vmv/WnL0rzVlK3znj7XDF1LUpRLaBtP6N3jy2BT2yrPRe7KIqgZ
5XhnYhaPGmWTLFV0JfJrJDPb9aQQRtVR1KQZMEKGgiE7H0Xr2CDBn3esslTJVD4N
Rx6JX/vXSx17gdy7tfWuvavp+pByPLS9ywNAlFpBFqY32+KO7oFdJh8hBhjTQe6Z
GNMobCo5Adfx0JY5HF7kX7BxfU7LZ0uEHrgbpRY6fCC4MhV9KS6jpsID4CovwuPC
4NJBOJ9itgk0OO4BYLEFtyyL96v56x5p0GZB6XRTVJKoXM38o4C4am5J3tefdQYp
ZXrRf2Jn/9lSrZ57IdJjr/FTWivxh4fpt9CvmyRoWGRNNgTF4D0=
=h/N7
—–END PGP SIGNATURE—–
—