A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.
AKS Information:
Patched containerd to reduce directory permissions. AKS versions 1.21 and below will now be running 1.4.9. AKS versions 1.22 and above will stay with 1.5.5, only a same-version revision.
To get the patch, ensure you upgrade to at least the 2021-09-28 VHD.
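To check a node for the exposure described above, the following added example (not part of the original issue and not containerd or AKS code) walks a directory tree the way an unprivileged host user could, descending only through directories that grant search permission to "other". It reports setuid/setgid executables and files whose owner UID matches a host account. The function names are hypothetical, the directory to audit is passed as an argument because the issue names no paths, and only owner UID (not group) collisions are checked.

```python
import os
import pwd
import stat


def other_can_traverse(path):
    """True if the directory's mode grants search (x) permission to 'other'."""
    return bool(os.lstat(path).st_mode & stat.S_IXOTH)


def audit_exposure(root, host_uids=None):
    """Return (kind, path) findings for files an unprivileged user can reach.

    Only mode bits are inspected, so run this as a user that can read the
    whole tree (typically root).
    """
    if host_uids is None:
        # Assumption: non-root accounts visible through the local passwd/NSS.
        host_uids = {p.pw_uid for p in pwd.getpwall() if p.pw_uid != 0}
    findings = []
    if not other_can_traverse(root):
        return findings  # restricted root directory: nothing below is reachable
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune subdirectories that 'other' cannot enter; skip symlinks.
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))
                       and other_can_traverse(os.path.join(dirpath, d))]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if setid and st.st_mode & stat.S_IXOTH:
                findings.append(("setid-executable", path))
            if st.st_uid in host_uids:
                findings.append(("uid-collision", path))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python3 audit.py <directory-to-audit>
    for kind, path in audit_exposure(sys.argv[1]):
        print(f"{kind}\t{path}")
```

An empty result for a directory whose top-level mode no longer grants "other" search permission is the expected state after the permission reduction described in the issue.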
This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.
This issue will now be closed because it hasn't had any activity for 7 days after stale. miwithro feel free to comment again in the next 7 days to reopen, or open a new issue after that time if you still have a question/issue or suggestion.
ghost locked as resolved and limited conversation to collaborators on Jan 10, 2022.
This issue was closed.