MGASA-2022-0088

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0088.html

Import Source

https://advisories.mageia.org/MGASA-2022-0088.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0088

Related

CVE-2022-23648

Published

2022-03-06T10:40:17Z

Modified

2022-03-06T09:57:07Z

Summary

Updated docker-containerd packages fix security vulnerability

Details

A bug was found in containerd where containers launched through containerdâs CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerdâs CRI implementation. (CVE-2022-23648)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / docker-containerd

Package

Name: docker-containerd
Purl: pkg:rpm/mageia/docker-containerd?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.10-1.mga8

Ecosystem specific

{
    "section": "core"
}