Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in containerd
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in containerd
ID: USN-4589-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Do, 15. Oktober 2020, 23:56
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
Applikationen: containerd

Originalnachricht


--===============1834444326338494551==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="23ao4mqjc6vsi42p"
Content-Disposition: inline


--23ao4mqjc6vsi42p
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


==========================================================================
Ubuntu Security Notice USN-4589-1
October 15, 2020

containerd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

containerd could be made to expose sensitive information over the
network.

Software Description:
- containerd: daemon to control containers

Details:

It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user's registry credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
containerd 1.2.6-0ubuntu1~16.04.4

After a standard system update you need to restart containerd to make
all the necessary changes.

References:
https://usn.ubuntu.com/4589-1
CVE-2020-15157

Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.4

--23ao4mqjc6vsi42p
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+Is8UACgkQbUp5kL3i
zGa56BAAlAwCm0XG51HR7vFUULYV6+T4XRu2I8yN0KWAfcepTv0nvm7r5/rIF5rb
CgmBHt9fAVEn9omlTf9bJapl/R6i3yvCyPTf2IxZ2PYACPuKdKhoRm8nEeTrV9pS
MEkwWpQ6yNoavK83dO6a/yx8kowvfYNHa8RbFwCmGePRwG72OEECLhTDydEJQaLl
ear5E9q0Kx6S7AEVzSa3H95dvMP5yUjI0YLACnADkzZ66vzA86awQHJvEXv2HfEQ
rBYtDOSyerydC1ljSCWyKvUXh9A+r5AdHMbs/aXHSLyJt3CVvt1oh+6bbqRMMglp
Y+WzQWbvthq3n3pdbY4GfIf60QzRTcAK9BguIlFAvmnC3GkCLjB5eCcPQfpDtb0i
XUsH9kCTr4hxZeWdYX2uLahxenTtJ+UEATkCNG6XFuRHL74bUZyVlOAf6KVM+SyB
ckkE86yk0n5U5K6xwmgjuX7DAjwXoieGbwDI+y22jhcYnuBYdbn0yOyUkHKWNmGd
sqH08a0tnSVxa9Brg4r2MlQ0h+Iqg35sZcRX5vTKnlex1f5Q/7SFSeBcYZWlSt5s
ar1m+fhdJ/36eXI7Vs1CIgAPwjwYO7kznDLqZvr4XlIZp//vNPjCsVcZzOoxcHPh
X67AgvcaC59rJ+PaE1LOElALzqOn92MjO5xirI72UMZbxVqgPq8=
=3GBc
-----END PGP SIGNATURE-----

--23ao4mqjc6vsi42p--


--===============1834444326338494551==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung