UbuntuUpdates.org

Package "containerd-app"

Name: containerd-app

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • daemon to control runC

Latest version: 2.2.1-0ubuntu1~24.04.3
Release: noble (24.04)
Level: updates
Repository: main

Links



Other versions of "containerd-app" in Noble

Repository Area Version
base main 1.7.12-0ubuntu4
security main 2.2.1-0ubuntu1~24.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.2.1-0ubuntu1~24.04.3 2026-06-25 15:07:39 UTC

  containerd-app (2.2.1-0ubuntu1~24.04.3) noble-security; urgency=high

  * SECURITY UPDATE: HTTP/2 SETTINGS frame infinite loop (vendored
    golang.org/x/net)
    - debian/patches/CVE-2026-33814.patch: move s.Valid() check before
      switch in ForeachSetting callback
    - CVE-2026-33814
  * SECURITY UPDATE: Uncontrolled Resource Consumption via unbounded
    group parsing
    - debian/patches/CVE-2026-47262.patch: bound user-database file
      reads in openUserFile, reject non-regular files
    - CVE-2026-47262
  * SECURITY UPDATE: Insufficient Verification of Data Authenticity in
    CRI checkpoint import
    - debian/patches/CVE-2026-50195.patch: remove re-tagging of restored
      checkpoint base images
    - CVE-2026-50195
  * SECURITY UPDATE: Reserved label propagation from image configs
    - debian/patches/CVE-2026-53488.patch: filter containerd.io/ and
      io.cri-containerd labels from image config
    - CVE-2026-53488
  * SECURITY UPDATE: UNIX Symbolic Link Following in CRI checkpoint
    restore
    - debian/patches/CVE-2026-53489.patch: add copyNoFollow,
      checkpointArchiveEntryAllowed, assertCheckpointDirSafe; use
      dedicated restore subdirectory
    - CVE-2026-53489
  * SECURITY UPDATE: Improper Input Validation of CDI annotations in
    checkpoint restore
    - debian/patches/CVE-2026-53492.patch: filter cdi.k8s.io
      annotations on checkpoint restore
    - CVE-2026-53492

 -- Eduardo Barretto <email address hidden> Mon, 22 Jun 2026 18:09:32 +0200

Source diff to previous version
CVE-2026-33814 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE

Version: 2.2.1-0ubuntu1~24.04.2 2026-04-08 06:08:04 UTC

  containerd-app (2.2.1-0ubuntu1~24.04.2) noble; urgency=medium

  * d/t/basic-smoke: use systemctl to start the service (LP: #2118738)

Source diff to previous version
2118738 containerd-app autopkgtest fails on all architectures because it does not wait for the daemon to start

Version: 1.7.28-0ubuntu1~24.04.2 2026-01-29 12:46:14 UTC

  containerd-app (1.7.28-0ubuntu1~24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: local priv escalation vulnerability
    - debian/patches/CVE-2024-25621.patch: Fix directory permissions
    - CVE-2024-25621
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-64329.patch: fix goroutine leak of container
      attach
    - CVE-2025-64329

 -- Nishit Majithia <email address hidden> Wed, 28 Jan 2026 10:37:51 +0530

Source diff to previous version
CVE-2024-25621 containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.
CVE-2025-64329 containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 t

Version: 1.7.28-0ubuntu1~24.04.1 2025-10-07 12:07:07 UTC

  containerd-app (1.7.28-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream version 1.7.28 (LP: #2112523)
  * Build with Go 1.23.
    - d/control: b-d on golang-1.23-go instead of golang-1.22-go
    - d/rules: add Go 1.23 to $PATH

 -- Athos Ribeiro <email address hidden> Thu, 11 Sep 2025 13:55:37 -0300

Source diff to previous version

Version: 1.7.27-0ubuntu1~24.04.1 2025-05-29 20:09:01 UTC

  containerd-app (1.7.27-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream version 1.7.27. (LP: #2085187)
  * d/p/CVE-2024-40635.patch: drop patch applied upstream

 -- Athos Ribeiro <email address hidden> Thu, 03 Apr 2025 13:12:09 -0300

CVE-2024-40635 containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched w



About   -   Send Feedback to @ubuntu_updates