Your message dated Sat, 06 Dec 2025 11:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1120343: fixed in containerd 1.7.24~ds1-6+deb13u1
has caused the Debian Bug report #1120343,
regarding containerd: CVE-2025-64329
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120343: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: containerd
Version: 1.7.24~ds1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for containerd.
CVE-2025-64329[0]:
| containerd is an open-source container runtime. Versions 1.7.28 and
| below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and
| 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach
| implementation where a user can exhaust memory on the host due to
| goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7,
| 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up
| an admission controller to control accesses to pods/attach
| resources.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-64329
    https://www.cve.org/CVERecord?id=CVE-2025-64329
[1] https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
[2] https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: containerd
Source-Version: 1.7.24~ds1-6+deb13u1
Done: Reinhard Tartler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
containerd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated containerd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 17 Nov 2025 12:27:07 -0500
Source: containerd
Architecture: source
Version: 1.7.24~ds1-6+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Closes: 1120343
Changes:
containerd (1.7.24~ds1-6+deb13u1) trixie-security; urgency=medium
.
* Fix overly broad directory permissions, Fixes: CVE-2024-25621
* Fix bug in the CRI Attach implementation, Fixes: CVE-2025-64329
Closes: #1120343
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---