It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation.
{ "binaries": [ { "binary_name": "containerd", "binary_version": "1.5.2-0ubuntu1~18.04.3" }, { "binary_name": "containerd-dbgsym", "binary_version": "1.5.2-0ubuntu1~18.04.3" }, { "binary_name": "golang-github-containerd-containerd-dev", "binary_version": "1.5.2-0ubuntu1~18.04.3" }, { "binary_name": "golang-github-docker-containerd-dev", "binary_version": "1.5.2-0ubuntu1~18.04.3" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "containerd", "binary_version": "1.5.2-0ubuntu1~20.04.3" }, { "binary_name": "containerd-dbgsym", "binary_version": "1.5.2-0ubuntu1~20.04.3" }, { "binary_name": "golang-github-containerd-containerd-dev", "binary_version": "1.5.2-0ubuntu1~20.04.3" }, { "binary_name": "golang-github-docker-containerd-dev", "binary_version": "1.5.2-0ubuntu1~20.04.3" } ], "availability": "No subscription required" }