Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia 7-8 MGASA-2021-0248 Moderate: Containerd Environment Variable Issue

mageia
Calendar Grey June 13, 2021
Dist Mageia Esm H88
Revised docker-containerd versions address a security vulnerability that permitted improper environment variable sharing among different containers.
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, ...

Summary

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This v...

References

- https://bugs.mageia.org/show_bug.cgi?id=29003

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/

- https://www.cve.org/CVERecord?id=CVE-2021-21334

Resolution

SRPMS

- 7/core/docker-containerd-1.4.4-1.mga7

- 8/core/docker-containerd-1.4.4-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0248.html
Type: security
CVE: CVE-2021-21334

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here