Amazon Linux 2022 Security Advisory: ALAS-2022-032
Advisory Release Date: 2022-03-01 01:07 Pacific
Advisory Updated Date: 2022-03-02 21:06 Pacific
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. (CVE-2022-23648)
Affected Packages:
containerd
Issue Correction:
Run dnf update --releasever=2022.0.20220302 containerd to update your system.
aarch64:
containerd-stress-debuginfo-1.4.6-9.amzn2022.aarch64
containerd-stress-1.4.6-9.amzn2022.aarch64
containerd-debuginfo-1.4.6-9.amzn2022.aarch64
containerd-1.4.6-9.amzn2022.aarch64
containerd-debugsource-1.4.6-9.amzn2022.aarch64
i686:
containerd-debuginfo-1.4.6-9.amzn2022.i686
containerd-stress-debuginfo-1.4.6-9.amzn2022.i686
containerd-1.4.6-9.amzn2022.i686
containerd-debugsource-1.4.6-9.amzn2022.i686
containerd-stress-1.4.6-9.amzn2022.i686
src:
containerd-1.4.6-9.amzn2022.src
x86_64:
containerd-debuginfo-1.4.6-9.amzn2022.x86_64
containerd-stress-1.4.6-9.amzn2022.x86_64
containerd-stress-debuginfo-1.4.6-9.amzn2022.x86_64
containerd-1.4.6-9.amzn2022.x86_64
containerd-debugsource-1.4.6-9.amzn2022.x86_64