-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4467-1                [email protected]
https://www.debian.org/lts/security/                     Arnaud Rebillout
February 05, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : containerd
Version        : 1.4.13~ds1-1~deb11u6
CVE ID         : CVE-2024-25621 CVE-2025-64329
Debian Bug     : 1120285 1120343

Multiple vulnerabilities were discovered in containerd, an open-source
container runtime used by, for example, Docker and Kubernetes.

CVE-2024-25621

    Overly broad default permission vulnerability. Directory paths
    `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri`
    and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were
    all created with incorrect permissions.

CVE-2025-64329

    Bug in the CRI Attach implementation where a user can exhaust memory
    on the host due to goroutine leaks.

For Debian 11 bullseye, these problems have been fixed in version
1.4.13~ds1-1~deb11u6.

We recommend that you upgrade your containerd packages.
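
A post-upgrade check for the two things this advisory names, the fixed package version and the CVE-2024-25621 directories. This is an added example, not part of the advisory or of containerd. The function names and the optional ROOT prefix are hypothetical, and it assumes the intended directory mode is owner-only (0700) and that GNU `stat` is available.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Debian 11 host after upgrading.
# Assumption: the directories should carry no group/other permission bits (0700).

FIXED_VERSION='1.4.13~ds1-1~deb11u6'   # fixed version for bullseye, from the advisory

# Directories listed under CVE-2024-25621 in the advisory.
CONTAINERD_DIRS="/var/lib/containerd
/run/containerd/io.containerd.grpc.v1.cri
/run/containerd/io.containerd.sandbox.controller.v1.shim"

# fixed_version_installed: 0 if containerd >= FIXED_VERSION, 1 if older,
# 2 if the package is not installed or dpkg is unavailable.
fixed_version_installed() {
    inst=$(dpkg-query -W -f='${Version}' containerd 2>/dev/null) || return 2
    [ -n "$inst" ] || return 2
    dpkg --compare-versions "$inst" ge "$FIXED_VERSION"
}

# audit_containerd_dirs [ROOT]
# Prints one line per directory and returns the number of directories that
# still grant any permission to group or other. ROOT is an optional path
# prefix (hypothetical helper parameter) for auditing a mounted image.
audit_containerd_dirs() {
    root="${1:-}"
    bad=0
    for d in $CONTAINERD_DIRS; do
        path="$root$d"
        if [ ! -d "$path" ]; then
            # Not every containerd release creates every directory.
            echo "SKIP  $path (not present)"
            continue
        fi
        mode=$(stat -c '%a' "$path")
        # Mask the group and other bits; anything left means the mode is too broad.
        if [ $(( 0$mode & 077 )) -eq 0 ]; then
            echo "OK    $mode $path"
        else
            echo "LOOSE $mode $path"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run `fixed_version_installed` and `audit_containerd_dirs` as root on the upgraded host; a non-zero return from the second is the count of directories that still need their mode tightened.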

For the detailed security status of containerd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/containerd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS