[Buildroot] [PATCH] package/docker-containerd: security bump to version 1.4.3

Peter Korsgaard peter at korsgaard.com
Wed Dec 2 07:16:56 UTC 2020

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2020-15257: Access controls for the shim’s API socket verified that
 >   the connecting process had an effective UID of 0, but did not otherwise
 >   restrict access to the abstract Unix domain socket.  This would allow
 >   malicious containers running in the same network namespace as the shim,
 >   with an effective UID of 0 but otherwise reduced privileges, to cause new
 >   processes to be run with elevated privileges.

 > For more details, see the advisory:
 > https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list