
Mageia 8: 2021-0484 Moderate: Docker-Containerd Permission Change Threat

October 23, 2021
Recent updates to docker-containerd fix a critical security flaw that affected file permission settings; the resolution is outlined below.

Summary

A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.
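The three kinds of permission change named above can be checked for by comparing file modes recorded before and after image pulls. The following is an added example, not code from the advisory or from containerd; the function names `classify_mode_change`, `snapshot` and `diff_snapshots` and the finding labels are hypothetical.

```python
import os
import stat

# Extended mode bits the summary calls out.
SPECIAL = {stat.S_ISUID: "setuid", stat.S_ISGID: "setgid", stat.S_ISVTX: "sticky"}

def classify_mode_change(old, new):
    """Classify drift between two st_mode values into the advisory's categories."""
    old, new = stat.S_IMODE(old), stat.S_IMODE(new)
    findings = []
    # Owner lost a bit it previously had: access denied to the expected owner.
    if (old & stat.S_IRWXU) & ~new:
        findings.append("owner-access-removed")
    # Group or other gained a bit: access widened to others.
    if (new & (stat.S_IRWXG | stat.S_IRWXO)) & ~old:
        findings.append("access-widened")
    # Extended bits that were not set before.
    for bit, name in SPECIAL.items():
        if new & bit and not old & bit:
            findings.append(name + "-added")
    return findings

def snapshot(root):
    """Record permission bits for everything under root, skipping symlinks."""
    modes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a link out of the tree
            if not stat.S_ISLNK(st.st_mode):
                modes[path] = stat.S_IMODE(st.st_mode)
    return modes

def diff_snapshots(before, after):
    """Map each path present in both snapshots to its findings, if any."""
    report = {}
    for path, old in before.items():
        if path in after:
            findings = classify_mode_change(old, after[path])
            if findings:
                report[path] = findings
    return report

if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    before = {"/srv/app/tool": 0o755, "/srv/app/secret": 0o600}
    after = {"/srv/app/tool": 0o4755, "/srv/app/secret": 0o644}
    for path, findings in diff_snapshots(before, after).items():
        print(path, findings)
```

Legitimate package updates also change modes, so findings from a real host need to be reconciled against known administrative changes.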

References

- https://bugs.mageia.org/show_bug.cgi?id=29268

- https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w

- https://ubuntu.com/security/notices/USN-5012-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/

- https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq

- https://ubuntu.com/security/notices/USN-5100-1

- https://lists.suse.com/pipermail/sle-security-updates/2021-October/009566.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M7ZZTABKTSJ5DYVDIQ7CVZG5HABGM2EC/

- https://www.cve.org/CVERecord?id=CVE-2021-32760

- https://www.cve.org/CVERecord?id=CVE-2021-41103

Resolution

SRPMS

- 8/core/docker-containerd-1.5.7-1.mga8

Publication date: 23 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0484.html
Type: security
CVE: CVE-2021-32760, CVE-2021-41103
