CVE-2022-23471: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. Please bump to 1.16.12.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26865b14e96ce7fddc9915b5495d51529c6a1645 commit 26865b14e96ce7fddc9915b5495d51529c6a1645 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-01-02 22:21:46 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-01-02 22:21:46 +0000 app-containers/containerd: add 1.6.14 Bug: https://bugs.gentoo.org/884803 Signed-off-by: William Hubbs <williamh@gentoo.org> app-containers/containerd/Manifest | 2 + app-containers/containerd/containerd-1.6.14.ebuild | 84 ++++++++++++++++++++++ 2 files changed, 86 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1bed292b9e7921754f4466ad7aeb11dbfc9dbc3 commit b1bed292b9e7921754f4466ad7aeb11dbfc9dbc3 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-01-05 05:34:37 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-01-05 05:34:37 +0000 app-containers/runc: drop 1.1.3 Bug: https://bugs.gentoo.org/884803 Signed-off-by: William Hubbs <williamh@gentoo.org> app-containers/runc/Manifest | 1 - app-containers/runc/runc-1.1.3.ebuild | 78 ----------------------------------- 2 files changed, 79 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0013843059c418810080e61101c0424f76016c1e commit 0013843059c418810080e61101c0424f76016c1e Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-01-05 05:33:35 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-01-05 05:33:35 +0000 app-containers/containerd: drop 1.6.8 Bug: https://bugs.gentoo.org/884803 Signed-off-by: William Hubbs <williamh@gentoo.org> app-containers/containerd/Manifest | 2 - app-containers/containerd/containerd-1.6.8.ebuild | 85 ----------------------- 2 files changed, 87 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f9feb611eaa9a3e053e61253ddab0e4d85b21cd9 commit f9feb611eaa9a3e053e61253ddab0e4d85b21cd9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 12:30:06 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 12:31:16 +0000 [ GLSA 202401-31 ] containerd: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802948 Bug: https://bugs.gentoo.org/816315 Bug: https://bugs.gentoo.org/834689 Bug: https://bugs.gentoo.org/835917 Bug: https://bugs.gentoo.org/850124 Bug: https://bugs.gentoo.org/884803 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-31.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)
