UbuntuUpdates.org

Package "containerd-app"

Name: containerd-app

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • daemon to control runC

Latest version: 2.2.1-0ubuntu1~22.04.2
Release: jammy (22.04)
Level: updates
Repository: main

Links



Other versions of "containerd-app" in Jammy

Repository Area Version
security main 2.2.1-0ubuntu1~22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.2.1-0ubuntu1~22.04.2 2026-06-25 15:07:34 UTC

  containerd-app (2.2.1-0ubuntu1~22.04.2) jammy-security; urgency=high

  * SECURITY UPDATE: HTTP/2 SETTINGS frame infinite loop (vendored
    golang.org/x/net)
    - debian/patches/CVE-2026-33814.patch: move s.Valid() check before
      switch in ForeachSetting callback
    - CVE-2026-33814
  * SECURITY UPDATE: Uncontrolled Resource Consumption via unbounded
    group parsing
    - debian/patches/CVE-2026-47262.patch: bound user-database file
      reads in openUserFile, reject non-regular files
    - CVE-2026-47262
  * SECURITY UPDATE: Insufficient Verification of Data Authenticity in
    CRI checkpoint import
    - debian/patches/CVE-2026-50195.patch: remove re-tagging of restored
      checkpoint base images
    - CVE-2026-50195
  * SECURITY UPDATE: Reserved label propagation from image configs
    - debian/patches/CVE-2026-53488.patch: filter containerd.io/ and
      io.cri-containerd labels from image config
    - CVE-2026-53488
  * SECURITY UPDATE: UNIX Symbolic Link Following in CRI checkpoint
    restore
    - debian/patches/CVE-2026-53489.patch: add copyNoFollow,
      checkpointArchiveEntryAllowed, assertCheckpointDirSafe; use
      dedicated restore subdirectory
    - CVE-2026-53489
  * SECURITY UPDATE: Improper Input Validation of CDI annotations in
    checkpoint restore
    - debian/patches/CVE-2026-53492.patch: filter cdi.k8s.io
      annotations on checkpoint restore
    - CVE-2026-53492

 -- Eduardo Barretto <email address hidden> Mon, 22 Jun 2026 18:09:30 +0200

Source diff to previous version
CVE-2026-33814 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE

Version: 2.2.1-0ubuntu1~22.04.1 2026-04-08 06:07:58 UTC

  containerd-app (2.2.1-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream version 2.2.1 (LP: #2127661)
  * d/containerd.docs: update notice file
  * d/copyright: update copyright data
  * d/rules: fix path of containerd commands
  * d/p/0001-Skip-test-failing-on-riscv64.patch: refresh patch
  * d/p/0002-Skip-tests-*-privileg.patch: refresh patch

Source diff to previous version

Version: 1.7.28-0ubuntu1~22.04.1 2025-10-07 12:07:00 UTC

  containerd-app (1.7.28-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream version 1.7.28 (LP: #2112523)
  * Build with Go 1.23.
    - d/control: b-d on golang-1.23-go instead of golang-1.22-go
    - d/rules: add Go 1.23 to $PATH

 -- Athos Ribeiro <email address hidden> Thu, 11 Sep 2025 13:59:47 -0300

Source diff to previous version

Version: 1.7.27-0ubuntu1~22.04.1 2025-05-29 22:07:24 UTC

  containerd-app (1.7.27-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream version 1.7.27. (LP: #2085187)
  * d/p/CVE-2024-40635.patch: drop patch applied upstream

 -- Athos Ribeiro <email address hidden> Thu, 03 Apr 2025 13:13:56 -0300

Source diff to previous version
CVE-2024-40635 containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched w

Version: 1.7.24-0ubuntu1~22.04.2 2025-03-27 00:07:02 UTC

  containerd-app (1.7.24-0ubuntu1~22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow.
    - debian/patches/CVE-2024-40635.patch: Add maxUserID and maxGroupID with
      limitations in ./oci/spec_opts.go.
    - CVE-2024-40635

 -- Hlib Korzhynskyy <email address hidden> Mon, 24 Mar 2025 17:51:42 -0230

CVE-2024-40635 containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched w



About   -   Send Feedback to @ubuntu_updates