containerd: 1.4.2 -> 1.4.3
Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. Fixes: CVE-2020-15257
This commit is contained in:
parent
415a269827
commit
8884729f19
1 changed files with 2 additions and 2 deletions
|
@ -4,7 +4,7 @@ with lib;
|
|||
|
||||
buildGoPackage rec {
|
||||
pname = "containerd";
|
||||
version = "1.4.2";
|
||||
version = "1.4.3";
|
||||
# git commit for the above version's tag
|
||||
commit = "7ad184331fa3e55e52b890ea95e65ba581ae3429";
|
||||
|
||||
|
@ -12,7 +12,7 @@ buildGoPackage rec {
|
|||
owner = "containerd";
|
||||
repo = "containerd";
|
||||
rev = "v${version}";
|
||||
sha256 = "17ciyvqz0j1q2vyzwkz6bkvxpz2d7y1kk99fv68ar7l4mr8pyp78";
|
||||
sha256 = "09xvhjg5f8h90w1y94kqqnqzhbhd62dcdd9wb9sdqakisjk6zrl0";
|
||||
};
|
||||
|
||||
goPackagePath = "github.com/containerd/containerd";
|
||||
|
|
Loading…
Reference in a new issue