SUSE-SU-2025:4288-1

Published: 28 Nov 2025
Source: suse-cvrf

Description

Security update for containerd

This update for containerd fixes the following issues:

  • Update to containerd v1.7.29
  • CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
  • CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)

Package list

SUSE Enterprise Storage 7.1
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Micro 5.2
containerd-1.7.29-150000.128.1
SUSE Linux Enterprise Micro 5.3
containerd-1.7.29-150000.128.1
SUSE Linux Enterprise Micro 5.4
containerd-1.7.29-150000.128.1
SUSE Linux Enterprise Micro 5.5
containerd-1.7.29-150000.128.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
containerd-1.7.29-150000.128.1
SUSE Linux Enterprise Module for Containers 15 SP6
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Module for Containers 15 SP7
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Server 15 SP3-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise Server 15 SP4-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Server 15 SP5-LTSS
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1
openSUSE Leap 15.6
containerd-1.7.29-150000.128.1
containerd-ctr-1.7.29-150000.128.1
containerd-devel-1.7.29-150000.128.1

Description

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. The directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. As a workaround, a system administrator on the host can manually chmod the directories so that they have no group- or world-accessible permissions, or run containerd in rootless mode.
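A read-only audit for the chmod workaround above, as an added example that is not part of the SUSE advisory or of containerd's own tooling: it reports which of the three directories named in the description still carry group or world permission bits. The function and variable names are hypothetical, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: read-only audit of the directories named in CVE-2024-25621.
# Function and variable names are hypothetical; assumes GNU stat (stat -c).

# Paths taken from the advisory description (none contain spaces).
CONTAINERD_DIRS="/var/lib/containerd
/run/containerd/io.containerd.grpc.v1.cri
/run/containerd/io.containerd.sandbox.controller.v1.shim"

# Exit 0 if the path has any group or world permission bit set,
# 1 if it has none, 2 if the mode could not be read.
has_group_or_world_access() {
    mode=$(stat -c '%a' -- "$1") || return 2
    # Prefix 0 so the shell parses the mode as octal, then mask group+other.
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Prints one line per directory and returns the number of directories that
# are still group- or world-accessible (0 means nothing left to chmod).
# With no arguments it checks the advisory's three paths.
audit_containerd_dirs() {
    findings=0
    [ "$#" -gt 0 ] || set -- $CONTAINERD_DIRS
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "SKIP  $dir (not present or not readable)"
        elif has_group_or_world_access "$dir"; then
            echo "LOOSE $(stat -c '%a %U:%G' -- "$dir") $dir"
            findings=$((findings + 1))
        else
            echo "OK    $(stat -c '%a %U:%G' -- "$dir") $dir"
        fi
    done
    return "$findings"
}
```

Run `audit_containerd_dirs` as root with no arguments on a host; each `LOOSE` line is a directory the workaround still applies to, and the exit status is the count of such directories.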


Affected products
SUSE Enterprise Storage 7.1:containerd-1.7.29-150000.128.1
SUSE Enterprise Storage 7.1:containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:containerd-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:containerd-ctr-1.7.29-150000.128.1

Description

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.


Affected products
SUSE Enterprise Storage 7.1:containerd-1.7.29-150000.128.1
SUSE Enterprise Storage 7.1:containerd-ctr-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:containerd-1.7.29-150000.128.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:containerd-ctr-1.7.29-150000.128.1

References
Vulnerability SUSE-SU-2025:4288-1