Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2022-015
Advisory Release Date: 2022-03-04 21:15 Pacific
Advisory Updated Date: 2022-03-04 21:15 Pacific
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. (CVE-2022-23648)
Affected Packages:
containerd
Note:
This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update containerd to update your system.
aarch64:
containerd-1.4.6-8.amzn2.aarch64
containerd-stress-1.4.6-8.amzn2.aarch64
containerd-debuginfo-1.4.6-8.amzn2.aarch64
src:
containerd-1.4.6-8.amzn2.src
x86_64:
containerd-1.4.6-8.amzn2.x86_64
containerd-stress-1.4.6-8.amzn2.x86_64
containerd-debuginfo-1.4.6-8.amzn2.x86_64