UbuntuUpdates.org

Package "containerd"

Name: containerd

Description:

daemon to control runC

Latest version: 1.6.12-0ubuntu1~18.04.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://containerd.io

Links


Download "containerd"


Other versions of "containerd" in Bionic

Repository Area Version
base universe 0.2.5-0ubuntu2
security universe 1.5.9-0ubuntu1~18.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.6.12-0ubuntu1~18.04.1 2023-03-10 00:06:58 UTC

  containerd (1.6.12-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.6.12-0ubuntu1 from Lunar (LP: #1996909, #1996534).
    - d/rules: set GO111MODULE to off.
    - d/control: b-d on golang-1.18-go instead of golang-go.
    - d/rules: build with Golang 1.18.
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/p/do-not-rebuild-manpage-during-installation.patch: avoid running go
      script during installation.

 -- Lucas Kanashiro <email address hidden> Thu, 17 Nov 2022 15:43:46 -0300

Source diff to previous version

Version: 1.5.9-0ubuntu1~18.04.2 2022-12-13 11:06:47 UTC

  containerd (1.5.9-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Memory exhaustion through Exec
    - debian/patches/CVE-2022-23471.patch: Prevent goroutine leak in Exec
      in pkg/cri/streaming/remotecommand/httpstream.go.
    - CVE-2022-23471
  * SECURITY UPDATE: Privilege escalation by inheritable file capabilities.
    - debian/patches/CVE-2022-24769.patch: Unassign the Inheritable
      capability in oci/spec.go and oci/spec_opts.go.
    - CVE-2022-24769
  * SECURITY UPDATE: Improper access to images due to imgcrypt.
    - debian/patches/CVE-2022-24778.patch: perform proper
      authentication by adding platforms in
      vendor/github.com/containerd/imgcrypt/images/
      encryption/encryption.go.
    - CVE-2022-24778
  * SECURITY UPDATE: Memory exhaustion through ExecSync.
    - debian/patches/CVE-2022-31030.patch: limit the response size
      of ExecSync in pkg/cri/server/container_execsync.go.
    - CVE-2022-31030

 -- David Fernandez Gonzalez <email address hidden> Mon, 12 Dec 2022 16:33:42 +0100

Source diff to previous version
CVE-2022-23471 containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In th
CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to
CVE-2022-24778 The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for
CVE-2022-31030 containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause th

Version: 1.5.9-0ubuntu1~18.04.1 2022-11-21 12:06:18 UTC

  containerd (1.5.9-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/control: b-d on golang-1.13-go instead of golang-go.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:38:58 -0300

Source diff to previous version
1955413 Update to containerd 1.5.9

Version: 1.5.5-0ubuntu3~18.04.2 2022-03-02 22:07:15 UTC

  containerd (1.5.5-0ubuntu3~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Insecure handling of image volumes
    - debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
    volumes.
    - CVE-2022-23648

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 25 Feb 2022 20:16:34 +0000

Source diff to previous version

Version: 1.5.5-0ubuntu3~18.04.1 2021-11-04 19:07:25 UTC

  containerd (1.5.5-0ubuntu3~18.04.1) bionic; urgency=medium

  * Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/control: b-d on golang-1.13-go instead of golang-go.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.




About   -   Send Feedback to @ubuntu_updates