Vulmon
Amazon Linux 2 Security Advisory: ALASECS-2023-024
Advisory Release Date: 2023-11-09 20:27 Pacific
Advisory Updated Date: 2023-11-15 23:19 Pacific
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. (CVE-2022-23648)
Affected Packages:
containerd
This advisory is applicable to Amazon Linux 2 - Ecs extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for difference between AL2 core and AL2 extras advisories.
Issue Correction:
Run yum update containerd to update your system.
aarch64:
containerd-1.4.6-8.amzn2.aarch64
containerd-stress-1.4.6-8.amzn2.aarch64
containerd-debuginfo-1.4.6-8.amzn2.aarch64
src:
containerd-1.4.6-8.amzn2.src
x86_64:
containerd-1.4.6-8.amzn2.x86_64
containerd-stress-1.4.6-8.amzn2.x86_64
containerd-debuginfo-1.4.6-8.amzn2.x86_64