------------------------------------------------------------------------- Debian LTS Advisory DLA-4153-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Andreas Henriksson May 04, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : containerd Version : 1.4.13~ds1-1~deb11u5 CVE ID : CVE-2024-40635 Debian Bug : 1100806 containerd is a container runtime. A bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. For Debian 11 bullseye, this problem has been fixed in version 1.4.13~ds1-1~deb11u5. We recommend that you upgrade your containerd packages. For the detailed security status of containerd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/containerd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature