USN-4653-1: containerd vulnerability

🗓️ 30 Nov 2020 21:04:43Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 75 Views

Containerd vulnerability in Ubuntu 20.10, 20.04 LTS, 18.04 ESM, and 16.04 ESM

Reporter	Title	Published	Views	Family All 115
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2020–15257)	18 Dec 202015:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to an issue in OPM and Golang Go packages (CVE-2020-15257, CVE-2021-21334 and CVE-2021-41771)	8 Jul 202207:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana	19 Jul 202421:46	–	ibm
ATTACKERKB	CVE-2020-15257	1 Dec 202000:00	–	attackerkb
Tenable Nessus	Amazon Linux 2 : containerd (ALASECS-2023-030)	16 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : containerd, containerd-stress (ALAS-2020-1455)	30 Nov 202000:00	–	nessus
Tenable Nessus	Debian DSA-4865-1 : docker.io - security update	1 Mar 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1245)	5 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1264)	5 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)	17 Jun 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	16.04	any	containerd	1.2.6-0ubuntu1~16.04.5	containerd_1.2.6-0ubuntu1~16.04.5_any.deb
Ubuntu	18.04	any	containerd	1.3.3-0ubuntu1~18.04.3	containerd_1.3.3-0ubuntu1~18.04.3_any.deb
Ubuntu	20.04	any	containerd	1.3.3-0ubuntu2.1	containerd_1.3.3-0ubuntu2.1_any.deb
Ubuntu	20.10	any	containerd	1.3.7-0ubuntu3.1	containerd_1.3.7-0ubuntu3.1_any.deb

30 Nov 2020 21:04Current

6.5Medium risk

Vulners AI Score6.5

CVSS 23.6

CVSS 3.15.2

EPSS0.12378

releases ubuntu packages access controls shim's api socket unix domain socket elevated privileges