Fedora has issued an advisory on April 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/ The issue is fixed upstream in 1.5.11: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.5.11Whiteboard: (none) => MGA8TOO
cauldron version updated and pushed.
Status: NEW => ASSIGNEDCC: (none) => bruno
mga8 update pushed docker-containerd-1.5.11-1.mga8.src.rpm
Assignee: bruno => qa-bugs
Version: Cauldron => 8Status comment: Fixed upstream in 1.5.11 => (none)Whiteboard: MGA8TOO => (none)
mga8, x64 Started docker service. $ rpm -q docker-containerd docker-containerd-1.5.10-1.mga8 Ran preliminary check to make sure docker was running properly. Updated docker-containerd and restarted the docker daemon. $ rpm -q docker-containerd docker-containerd-1.5.11-1.mga8 $ docker run hello-world Hello from Docker! This message shows that your installation appears to be working correctly. ...... $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f0c7a75f7e52 hello-world "/hello" 57 seconds ago Exited (0) 56 seconds ago sharp_chatelet .... $ docker run -it ubuntu bash Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu e0b25ef51634: Pull complete Digest: sha256:9101220a875cee98b016668342c489ff0674f247f6ca20dfc91b91c0f28581ae Status: Downloaded newer image for ubuntu:latest root@7d3d6fac4655:/# exit exit $ docker pull fedora:latest latest: Pulling from library/fedora Digest: sha256:f1e3a29da8990568c1da6a460cf9658ee7e9b409aa39c2aded67f7ac1dfe7e8a Status: Image is up to date for fedora:latest docker.io/library/fedora:latest docker run -ti fedora:latest /bin/bash [root@61ad03b3bfc3 /]#dnf install ruby ruby-devel [...] Installing: ruby x86_64 3.0.2-151.fc35 fedora 41 k ruby-devel x86_64 3.0.2-151.fc35 fedora 267 k Installing dependencies: libpkgconf x86_64 1.8.0-1.fc35 fedora 36 k pkgconf x86_64 1.8.0-1.fc35 fedora 41 k [...] rubygems-3.2.22-151.fc35.noarch rubypick-1.1.1-15.fc35.noarch Complete! [root@61ad03b3bfc3 /]#exit $ docker run -it -h cowsay debian bash root@cowsay:/# apt-get update Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Get:2 http://deb.debian.org/debian bullseye InRelease [116 kB] Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB] Get:4 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [125 kB] Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [8182 kB] Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2596 B] Fetched 8509 kB in 2s (4963 kB/s) Reading package lists... Done root@cowsay:/# apt-get install -y cowsay fortune Reading package lists... Done [...] Setting up perl (5.32.1-4+deb11u2) ... Setting up cowsay (3.03+dfsg2-8) ... Processing triggers for libc-bin (2.31-13+deb11u2) ... root@cowsay:/# /usr/games/fortune | /usr/games/cowsay _________________________________________ / FORTUNE PROVIDES QUESTIONS FOR THE \ | GREAT ANSWERS: #19 A: To be or not to | \ be. Q: What is the square root of 4b^2? / ----------------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || root@cowsay:/# /usr/games/fortune | /usr/games/cowsay _________________________________________ / Q: What's the difference between a dead \ | dog in the road and a dead | | lawyer in the road? A: There are skid | \ marks in front of the dog. / ----------------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || root@cowsay:/# exit That should do. docker works fine with the updated containerd.
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0144.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED