Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 850124 (CVE-2022-31030) - <app-containers/containerd-1.6.8: malicious container memory exhaustion
Summary: <app-containers/containerd-1.6.8: malicious container memory exhaustion
Status: RESOLVED FIXED
Alias: CVE-2022-31030
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/containerd/contain...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 865193
Blocks:
  Show dependency tree
 
Reported: 2022-06-06 17:36 UTC by John Helmert III
Modified: 2024-01-31 12:35 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-06 17:36:03 UTC
1.5.13 patch: https://github.com/containerd/containerd/commit/943588b54807f48ca545f7560a3def20501993de

1.6 patch incoming. Please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-06 17:44:49 UTC
1.6.6 is released: https://github.com/containerd/containerd/releases/tag/v1.6.6 and references CVE-2022-31030, I'll assume that's the CVE that was assigned for this.
Comment 2 Larry the Git Cow gentoo-dev 2022-08-14 22:46:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9389aa377682ed856ef643b81244d22b6ef5c818

commit 9389aa377682ed856ef643b81244d22b6ef5c818
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-14 22:39:24 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-14 22:46:28 +0000

    app-containers/containerd: add 1.6.8
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/containerd/Manifest                |  2 +
 app-containers/containerd/containerd-1.6.8.ebuild | 85 +++++++++++++++++++++++
 2 files changed, 87 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-08-20 22:09:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=266d7143e68a36b50bf29b2f579fc38b99fabf01

commit 266d7143e68a36b50bf29b2f579fc38b99fabf01
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-20 22:02:46 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-20 22:02:46 +0000

    app-containers/docker: drop 20.10.12-r1, 20.10.14, 20.10.16
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/docker/Manifest                  |   3 -
 app-containers/docker/docker-20.10.12-r1.ebuild | 279 -----------------------
 app-containers/docker/docker-20.10.14.ebuild    | 280 ------------------------
 app-containers/docker/docker-20.10.16.ebuild    | 280 ------------------------
 4 files changed, 842 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4639f22272c5c72029eb8a50e846abc06280cd59

commit 4639f22272c5c72029eb8a50e846abc06280cd59
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-20 22:02:45 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-20 22:02:45 +0000

    app-containers/runc: drop 1.0.3, 1.1.0, 1.1.1, 1.1.2
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/runc/Manifest          |  4 --
 app-containers/runc/runc-1.0.3.ebuild | 78 -----------------------------------
 app-containers/runc/runc-1.1.0.ebuild | 77 ----------------------------------
 app-containers/runc/runc-1.1.1.ebuild | 78 -----------------------------------
 app-containers/runc/runc-1.1.2.ebuild | 78 -----------------------------------
 5 files changed, 315 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cab5b60be05de921d317641ae2c9b6e3fd6983c

commit 3cab5b60be05de921d317641ae2c9b6e3fd6983c
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-20 22:02:45 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-20 22:02:45 +0000

    app-containers/docker-proxy: drop 0.8.0_p20210525, 0.8.0_p20220315
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/docker-proxy/Manifest               |  2 --
 .../docker-proxy-0.8.0_p20210525.ebuild            | 35 ----------------------
 .../docker-proxy-0.8.0_p20220315.ebuild            | 30 -------------------
 3 files changed, 67 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b690f5e5935653e847ea330b6770e1d233729b69

commit b690f5e5935653e847ea330b6770e1d233729b69
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-20 22:02:44 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-20 22:02:44 +0000

    app-containers/docker-cli: drop 20.10.12, 20.10.14, 20.10.16
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/docker-cli/Manifest                 |  3 -
 .../docker-cli/docker-cli-20.10.12.ebuild          | 66 ---------------------
 .../docker-cli/docker-cli-20.10.14.ebuild          | 67 ----------------------
 .../docker-cli/docker-cli-20.10.16.ebuild          | 67 ----------------------
 4 files changed, 203 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57e57d7d51be6ae9ff8e05e54c32c2420efe65f6

commit 57e57d7d51be6ae9ff8e05e54c32c2420efe65f6
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-08-20 22:02:44 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-08-20 22:02:44 +0000

    app-containers/containerd: drop 1.5.11, 1.6.2, 1.6.4
    
    Bug: https://bugs.gentoo.org/850124
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 app-containers/containerd/Manifest                 |  5 --
 app-containers/containerd/containerd-1.5.11.ebuild | 84 ---------------------
 app-containers/containerd/containerd-1.6.2.ebuild  | 85 ----------------------
 app-containers/containerd/containerd-1.6.4.ebuild  | 85 ----------------------
 4 files changed, 259 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2024-01-31 12:31:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f9feb611eaa9a3e053e61253ddab0e4d85b21cd9

commit f9feb611eaa9a3e053e61253ddab0e4d85b21cd9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 12:30:06 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 12:31:16 +0000

    [ GLSA 202401-31 ] containerd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/802948
    Bug: https://bugs.gentoo.org/816315
    Bug: https://bugs.gentoo.org/834689
    Bug: https://bugs.gentoo.org/835917
    Bug: https://bugs.gentoo.org/850124
    Bug: https://bugs.gentoo.org/884803
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-31.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)