CVE-2022-23648: containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. Fix in 1.4.12, and 1.5.10. Please bump the 1.5 branch and cleanup as appropriate.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f9feb611eaa9a3e053e61253ddab0e4d85b21cd9 commit f9feb611eaa9a3e053e61253ddab0e4d85b21cd9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 12:30:06 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 12:31:16 +0000 [ GLSA 202401-31 ] containerd: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802948 Bug: https://bugs.gentoo.org/816315 Bug: https://bugs.gentoo.org/834689 Bug: https://bugs.gentoo.org/835917 Bug: https://bugs.gentoo.org/850124 Bug: https://bugs.gentoo.org/884803 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-31.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)
