This bug was fixed in the package containerd - 1.5.5-0ubuntu3~21.04.1
---------------
containerd (1.5.5-0ubuntu3~21.04.1) hirsute; urgency=medium
* Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).
containerd (1.5.5-0ubuntu3) impish; urgency=medium
* SECURITY UPDATE: insufficiently restricted directory permissions
- debian/patches/1.5-reduce-directory-permissions.patch: reduce
permissions for bundle dir in runtime/v1/linux/bundle.go,
runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
snapshots/btrfs/btrfs.go.
- CVE-2021-41103
containerd (1.5.5-0ubuntu2) impish; urgency=medium
* d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
(LP: #1943049).
-- Lucas Kanashiro <kanash...@ubuntu.com> Fri, 08 Oct 2021 11:37:00
-0300
** Changed in: containerd (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
** Changed in: opengcs (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938908
Title:
Backport the container stack in Impish
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1938908/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
