Source: containerd
Version: 1.7.24~ds1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for containerd.

CVE-2025-64329[0]:
| containerd is an open-source container runtime. Versions 1.7.28 and
| below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and
| 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach
| implementation where a user can exhaust memory on the host due to
| goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7,
| 2.1.5 and 2.2.0. To work around this vulnerability, users can set up
| an admission controller to control accesses to pods/attach
| resources.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-64329
    https://www.cve.org/CVERecord?id=CVE-2025-64329
[1] https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
[2] https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
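The advisory's interim workaround (an admission controller restricting pods/attach until containerd is upgraded) can be expressed as a Kubernetes ValidatingAdmissionPolicy. This is an added example, not part of the bug report or of the containerd project; it assumes a cluster whose API server serves admissionregistration.k8s.io/v1, and the group name `attach-allowed` is a hypothetical placeholder for whichever group you actually want to permit.

```yaml
# Deny CONNECT requests to the pods/attach subresource unless the caller is in
# an allow-listed group. Scoped to this one subresource so that exec, logs and
# port-forward keep working; remove the policy once containerd is patched.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: restrict-pods-attach
spec:
  failurePolicy: Fail        # if the policy cannot be evaluated, refuse the attach
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CONNECT"]   # attach is a CONNECT on the subresource
        resources: ["pods/attach"]
  validations:
    # "attach-allowed" is an assumed group name; substitute your own.
    - expression: "'attach-allowed' in request.userInfo.groups"
      message: "pods/attach is restricted cluster-wide while CVE-2025-64329 is unpatched"
---
# The binding activates the policy for all namespaces and enforces it (Deny).
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: restrict-pods-attach
spec:
  policyName: restrict-pods-attach
  validationActions: [Deny]
```

After applying, `kubectl attach` from a user outside the allowed group is rejected at admission, and the denial is visible in the API server audit log, which also gives you a record of who is still using attach.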

