{"id":"MGASA-2021-0248","summary":"Updated docker-containerd packages fix security vulnerability","details":"In containerd (an industry-standard container runtime) before versions 1.3.10 \nand 1.4.4, containers launched through containerd's CRI implementation \n(through Kubernetes, crictl, or any other pod/container client that uses the \ncontainerd CRI service) that share the same image may receive incorrect \nenvironment variables, including values that are defined for other \ncontainers. If the affected containers have different security contexts, this \nmay allow sensitive information to be unintentionally shared. If you are not \nusing containerd's CRI implementation (through one of the mechanisms \ndescribed above), you are not vulnerable to this issue. If you are not \nlaunching multiple containers or Kubernetes pods from the same image which \nhave different environment variables, you are not vulnerable to this issue. \nIf you are not launching multiple containers or Kubernetes pods from the same \nimage in rapid succession, you have reduced likelihood of being vulnerable to \nthis issue This vulnerability has been fixed in containerd 1.3.10 and \ncontainerd 1.4.4. (CVE-2021-21334).\n","modified":"2026-04-16T04:41:28.666821905Z","published":"2021-06-13T21:32:39Z","upstream":["CVE-2021-21334"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0248.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29003"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"}],"affected":[{"package":{"name":"docker-containerd","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/docker-containerd?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0248.json"}},{"package":{"name":"docker-containerd","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/docker-containerd?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.4-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}