Vulmon
Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2022-015
Advisory Release Date: 2022-03-04 21:15 Pacific
Advisory Updated Date: 2022-03-04 21:15 Pacific
Severity:
Medium
References:
CVE-2022-23648
Issue Overview:
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. (CVE-2022-23648)
Affected Packages:
containerd
Issue Correction:
Run yum update containerd to update your system.
New Packages:
aarch64:
containerd-1.4.6-8.amzn2.aarch64
containerd-stress-1.4.6-8.amzn2.aarch64
containerd-debuginfo-1.4.6-8.amzn2.aarch64
src:
containerd-1.4.6-8.amzn2.src
x86_64:
containerd-1.4.6-8.amzn2.x86_64
containerd-stress-1.4.6-8.amzn2.x86_64
containerd-debuginfo-1.4.6-8.amzn2.x86_64