Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.6.12-0ubuntu1~18.04.1+esm2", "binary_name": "containerd" }, { "binary_version": "1.6.12-0ubuntu1~18.04.1+esm2", "binary_name": "containerd-dbgsym" }, { "binary_version": "1.6.12-0ubuntu1~18.04.1+esm2", "binary_name": "golang-github-containerd-containerd-dev" } ] }