Upstream has issued an advisory on November 17: https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42 The issue is fixed upstream in 1.4.12 and 1.5.8: https://github.com/containerd/containerd/releases/tag/v1.4.12 https://github.com/containerd/containerd/releases/tag/v1.5.8 It's also mentioned in the Docker/moby 20.10.11 release notes, but probably just because the upstream distribution bundles containerd: https://github.com/moby/moby/releases/tag/v20.10.11
Status comment: (none) => Fixed upstream in 1.4.12 and 1.5.8Whiteboard: (none) => MGA8TOO
Version 1.5.8 pushed to cauldron.
Status: NEW => ASSIGNED
Same version also pushed to updates_testing for mga8
Assignee: bruno => qa-bugs
docker-containerd-1.5.8-1.mga8 from docker-containerd-1.5.8-1.mga8.src.rpm
Status comment: Fixed upstream in 1.4.12 and 1.5.8 => (none)CC: (none) => brunoVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)
mga8, x64 Updated docker-containerd and restarted the docker service. $ urpmq --requires docker | grep containerd docker: docker-containerd[>= 1.1.0] Followed the procedure in bug 29268. $ docker run hello-world Hello from Docker! This message shows that your installation appears to be working correctly. ................. $ docker run -it ubuntu root@14c631130af7:/# ls -l total 48 lrwxrwxrwx 1 root root 7 Jul 23 17:35 bin -> usr/bin drwxr-xr-x 2 root root 4096 Apr 15 2020 boot drwxr-xr-x 5 root root 360 Nov 25 17:45 dev drwxr-xr-x 1 root root 4096 Nov 25 17:45 etc ............ root@14c631130af7:/# ls bin '[' getopt rgrep addpart gpasswd rm ............. root@14c631130af7:/# exit exit $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 14c631130af7 ubuntu "bash" 3 minutes ago Exited (0) 23 seconds ago youthful_satoshi 4ebe8822fac9 hello-world "/hello" 4 minutes ago Exited (0) 4 minutes ago funny_bhabha ........... $ docker rm 88f8321c5926 61f76f4e329d 22517f8bed0e 5b03ae090d6e 88f8321c5926 61f76f4e329d 22517f8bed0e 5b03ae090d6e $ docker run -it fedora:latest bash [root@07421e5a620a /]# dnf install ruby ............ Install 11 Packages Total download size: 4.4 M Installed size: 16 M Is this ok [y/N]: y ............... Installed: [.....] rubygems-3.2.22-149.fc34.noarch rubypick-1.1.1-14.fc34.noarch Complete! [root@07421e5a620a /]# ruby -e "puts Object.methods" ....... equal? instance_eval instance_exec __id__ __send__ [root@07421e5a620a /]# exit Good enough.
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
Fedora has issued an advisory for this today (December 1): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FLBBZYA3OFWVHHKTB5WOIIX6O7UI3YQS/
Upstream advisory for containerd itself: https://github.com/advisories/GHSA-5j5w-g665-5m35
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0531.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED