SUSE-SU-2022:4463-1

HIGH7.5

Security update for containerd

Published Dec 13, 2022

Modified 3 years ago

Fix available

Details

Description of the patch:

This update for containerd fixes the following issues:

Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).

Also includes the following fix:

CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).

Affected Packages

containerd

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15SUSE Linux Enterprise High Performance Computing 15 SP1

Fixed in:

1.6.12-150000.79.1

containerd-ctr

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15SUSE Linux Enterprise High Performance Computing 15 SP1

Fixed in:

1.6.12-150000.79.1

References

ADVISORY

https://bugzilla.suse.com/1197284

ADVISORY

https://bugzilla.suse.com/1206065

ADVISORY

https://bugzilla.suse.com/1206235

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-December/013228.html

ADVISORY