USN-6202-1

Source
https://ubuntu.com/security/notices/USN-6202-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6202-1.json
Published
2023-07-05T10:44:07.011213Z
Modified
2023-07-05T10:44:07.011213Z
Summary
containerd vulnerabilities
Details

David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153)

It was discovered that containerd incorrectly set up supplementary groups inside a container. An attacker with direct access to the container could possibly use this issue to obtain sensitive information or execute code with higher privileges. (CVE-2023-25173)

Affected packages

Ubuntu:Pro:18.04:LTS / containerd

Package

Name
containerd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.6.12-0ubuntu1~18.04.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "golang-github-containerd-containerd-dev": "1.6.12-0ubuntu1~18.04.1+esm1",
            "containerd": "1.6.12-0ubuntu1~18.04.1+esm1"
        }
    ]
}

Ubuntu:20.04:LTS / containerd

Package

Name
containerd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.6.12-0ubuntu1~20.04.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "golang-github-containerd-containerd-dev": "1.6.12-0ubuntu1~20.04.3",
            "containerd": "1.6.12-0ubuntu1~20.04.3"
        }
    ]
}

Ubuntu:22.04:LTS / containerd

Package

Name
containerd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.6.12-0ubuntu1~22.04.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "golang-github-containerd-containerd-dev": "1.6.12-0ubuntu1~22.04.3",
            "containerd": "1.6.12-0ubuntu1~22.04.3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / containerd

Package

Name
containerd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.2.6-0ubuntu1~16.04.6+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "golang-github-docker-containerd-dev": "1.2.6-0ubuntu1~16.04.6+esm4",
            "containerd": "1.2.6-0ubuntu1~16.04.6+esm4"
        }
    ]
}