USN-7374-1: containerd vulnerability
26 March 2025
containerd could be made to behave unexpectedly.
Releases
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
containerd - open and reliable container runtime
containerd-app - open and reliable container runtime
Details
Benjamin Koltermann discovered that containerd incorrectly handled large
user id values. This could result in containers possibly being run as root,
contrary to expectations.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
- containerd - 2.0.0~rc3-0ubuntu1.1
Ubuntu 24.04
- containerd - 1.7.24-0ubuntu1~24.04.2
- golang-github-containerd-containerd-dev - 1.6.24~ds1-1ubuntu1.2+esm1
Ubuntu 22.04
- containerd - 1.7.24-0ubuntu1~22.04.2
- golang-github-containerd-containerd-dev - 1.6.12-0ubuntu1~22.04.8
Ubuntu 20.04
- containerd - 1.7.24-0ubuntu1~20.04.2
- golang-github-containerd-containerd-dev - 1.6.12-0ubuntu1~20.04.8
Ubuntu 18.04
- containerd - 1.6.12-0ubuntu1~18.04.1+esm2
- golang-github-containerd-containerd-dev - 1.6.12Ubuntu1~18.04.1+esm2
Ubuntu 16.04
- containerd - 1.2.6-0ubuntu1~16.04.6+esm5
- golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.6+esm5
In general, a standard system update will make all the necessary changes.
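To check a fleet inventory against the containerd versions listed above, the following added example (not part of the original notice) ports dpkg's version ordering to Python and flags hosts still below the fixed version. The host names and installed versions in `INVENTORY` are constructed; on a single host, `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed containerd versions per Ubuntu release, copied from this notice.
FIXED = {
    "24.10": "2.0.0~rc3-0ubuntu1.1",
    "24.04": "1.7.24-0ubuntu1~24.04.2",
    "22.04": "1.7.24-0ubuntu1~22.04.2",
    "20.04": "1.7.24-0ubuntu1~20.04.2",
    "18.04": "1.6.12-0ubuntu1~18.04.1+esm2",
    "16.04": "1.2.6-0ubuntu1~16.04.6+esm5",
}

def _order(ch):
    # dpkg: '~' sorts below end of string (""); letters below punctuation.
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    runs = lambda s: re.findall(r"(\D*)(\d*)", s)
    for (na, da), (nb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for i in range(max(len(na), len(nb))):
            ca, cb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_compare(v1, v2):  # returns -1, 0 or 1 in Debian version order
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    """Hosts whose installed containerd sorts below the fixed version."""
    return [h for h, rel, ver in inventory if deb_compare(ver, FIXED[rel]) < 0]

# Constructed inventory: host names and installed versions are made up.
INVENTORY = [("node-a", "24.04", "1.7.24-0ubuntu1~24.04.2"),
             ("node-b", "22.04", "1.7.12-0ubuntu2~22.04.1"),
             ("node-c", "18.04", "1.6.12-0ubuntu1~18.04.1+esm1"),
             ("node-d", "24.10", "2.0.0~rc3-0ubuntu1.1")]
print(unpatched(INVENTORY))  # ['node-b', 'node-c']
```

A plain string or tuple comparison gets these versions wrong: `~rc3` must sort before the final release and `+esm2` after the same version without the suffix, which is why the dpkg ordering is reproduced here.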