OESA-2025-1324 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

podman: Containers run as non-root users do not drop capabilities

It has been discovered that podman does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container...