Ubuntu Security Notice USN-6202-1

Ubuntu Security Notice USN-6202-1: Posted Jul 5, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6202-1 - David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. It was discovered that containerd incorrectly set up supplementary groups inside a container. An attacker with direct access to the container could possibly use this issue to obtain sensitive information or execute code with higher privileges.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2023-25153, CVE-2023-25173; SHA-256 | e823ee1989c015b6a3a78bab272a96fe9d1b6c3c47bcc98a5f571ddfb1e8ba56; Download | Favorite | View

Ubuntu Security Notice USN-6202-1

==========================================================================
Ubuntu Security Notice USN-6202-1
July 05, 2023

containerd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in containerd.

Software Description:
- containerd: daemon to control runC

Details:

David Korczynski and Adam Korczynski discovered that containerd
incorrectly processed certain images with large files. An attacker
could possibly use this issue to cause containerd to crash,
resulting in a denial of service. (CVE-2023-25153)

It was discovered that containerd incorrectly set up supplementary
groups inside a container. An attacker with direct access to the
container could possibly use this issue to obtain sensitive information
or execute code with higher privileges. (CVE-2023-25173)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   containerd                      1.6.12-0ubuntu3.1

Ubuntu 22.10:
   containerd                      1.6.12-0ubuntu1~22.10.2

Ubuntu 22.04 LTS:
   containerd                      1.6.12-0ubuntu1~22.04.3

Ubuntu 20.04 LTS:
   containerd                      1.6.12-0ubuntu1~20.04.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   containerd                      1.6.12-0ubuntu1~18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   containerd                      1.2.6-0ubuntu1~16.04.6+esm4

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6202-1
   CVE-2023-25153, CVE-2023-25173

Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu3.1
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu1~22.10.2
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu1~22.04.3
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu1~20.04.3

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 138 files
Ubuntu 73 files
Gentoo 33 files
Debian 28 files
Sebastian Hamann 8 files
Jann Horn 7 files
Moritz Abrell 6 files
Jaggar Henry 6 files
Google Security Research 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,945)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

Ubuntu Security Notice USN-6202-1

Ubuntu Security Notice USN-6202-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6202-1

Share This

Ubuntu Security Notice USN-6202-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems