Debian Security Advisory

DSA-5091-1 containerd -- security update

Date Reported:
06 Mar 2022
Affected Packages:
containerd
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-23648.
More information:

Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images.

For the stable distribution (bullseye), this problem has been fixed in version 1.4.13~ds1-1~deb11u1.

We recommend that you upgrade your containerd packages.

For the detailed security status of containerd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/containerd