Important: containerd

🗓️ 25 Aug 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 5 Views

Security issues in containerd on Unix, including setuid vulnerabilities and Host header validation.

Reporter	Title	Published	Views	Family All 511
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling was built with a vulnerable golang compiler. ( CVE-2023-29406, CVE-2023-29409 )	6 Dec 202315:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	1 Dec 202316:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023	26 Mar 202504:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator	28 Aug 202308:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm
IBM Security Bulletins	Security Bulletin: Operations Dashboard is vulnerable to header injection due to Golang Go	2 Oct 202316:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System	2 Jan 202411:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management	15 Sep 202313:26	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	containerd	1.7.2-1.amzn2023.0.2	containerd-1.7.2-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	containerd	1.7.2-1.amzn2023.0.2	containerd-1.7.2-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	containerd-debuginfo	1.7.2-1.amzn2023.0.2	containerd-debuginfo-1.7.2-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	containerd-debuginfo	1.7.2-1.amzn2023.0.2	containerd-debuginfo-1.7.2-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	containerd-debugsource	1.7.2-1.amzn2023.0.2	containerd-debugsource-1.7.2-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	containerd-debugsource	1.7.2-1.amzn2023.0.2	containerd-debugsource-1.7.2-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	containerd-stress	1.7.2-1.amzn2023.0.2	containerd-stress-1.7.2-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	containerd-stress	1.7.2-1.amzn2023.0.2	containerd-stress-1.7.2-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	containerd-stress-debuginfo	1.7.2-1.amzn2023.0.2	containerd-stress-debuginfo-1.7.2-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	containerd-stress-debuginfo	1.7.2-1.amzn2023.0.2	containerd-stress-debuginfo-1.7.2-1.amzn2023.0.2.x86_64.rpm

25 Aug 2023 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.8

EPSS0.0125

SSVC

containerd security issue setuid vulnerability host header validation cve-2023-29403 cve-2023-29406 unix platforms update instructions affected packages