[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3
Peter Korsgaard
peter at korsgaard.com
Wed Dec 2 07:16:56 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2020-15257: Access controls for the shim’s API socket verified that
> the connecting process had an effective UID of 0, but did not otherwise
> restrict access to the abstract Unix domain socket. This would allow
> malicious containers running in the same network namespace as the shim,
> with an effective UID of 0 but otherwise reduced privileges, to cause new
> processes to be run with elevated privileges.
> For more details, see the advisory:
> https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list