
Debian alert DLA-4467-1 (containerd)

From:  Arnaud Rebillout <arnaudr@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4467-1] containerd security update
Date:  Thu, 05 Feb 2026 12:03:23 +0700
Message-ID:  <ac6f6585e1e788da4272869e9a951950@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4467-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Arnaud Rebillout
February 05, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : containerd
Version        : 1.4.13~ds1-1~deb11u6
CVE ID         : CVE-2024-25621 CVE-2025-64329
Debian Bug     : 1120285 1120343

Multiple vulnerabilities were discovered in containerd, an open-source
container runtime, used by e.g. Docker or Kubernetes.

CVE-2024-25621

    Overly broad default permission vulnerability. Directory paths
    `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and
    `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all
    created with incorrect permissions.

CVE-2025-64329

    Bug in the CRI Attach implementation where a user can exhaust memory
    on the host due to goroutine leaks.

For Debian 11 bullseye, these problems have been fixed in version
1.4.13~ds1-1~deb11u6.

We recommend that you upgrade your containerd packages.

For the detailed security status of containerd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/containerd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
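
A host audit for the two conditions this advisory describes, as an added example that is not part of the advisory or of containerd. It assumes the three directories should be owner-only (mode 700), which the advisory does not state; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the advisory: audit a bullseye host for DLA-4467-1.
# Assumption: the three directories should be owner-only (mode 700).
FIXED_VERSION='1.4.13~ds1-1~deb11u6'   # fixed version, from the advisory
CONTAINERD_DIRS='/var/lib/containerd
/run/containerd/io.containerd.grpc.v1.cri
/run/containerd/io.containerd.sandbox.controller.v1.shim'

# Succeeds when an octal mode (as printed by stat) grants group/other access.
mode_is_overbroad() {
    [ $(( 0$1 & 0077 )) -ne 0 ]
}

# Prints one status line for a directory; returns 1 if its mode is too broad.
audit_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir (not present)"
        return 0
    fi
    mode=$(stat -c '%a' "$dir") || return 2
    if mode_is_overbroad "$mode"; then
        echo "WARN  $dir mode=$mode grants group/other access"
        return 1
    fi
    echo "OK    $dir mode=$mode"
}

# Checks the installed package version (if dpkg is present) and all three paths.
audit_all() {
    rc=0
    if command -v dpkg-query >/dev/null 2>&1; then
        inst=$(dpkg-query -W -f='${Version}' containerd 2>/dev/null || true)
        if [ -n "$inst" ] && dpkg --compare-versions "$inst" lt "$FIXED_VERSION"; then
            echo "WARN  containerd $inst is older than $FIXED_VERSION"
            rc=1
        fi
    fi
    for d in $CONTAINERD_DIRS; do   # newline-separated; paths contain no spaces
        audit_dir "$d" || rc=1
    done
    return "$rc"
}

# Run the audit only when invoked as: sh audit.sh run
if [ "${1:-}" = run ]; then audit_all; fi
```

Run it as root so that stat can reach the directories under /run/containerd.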


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds