{"id":"MGASA-2021-0484","summary":"Updated docker-containerd packages fix security vulnerability","details":"A bug was found in containerd where pulling and extracting a\nspecially-crafted container image can result in Unix file permission\nchanges for existing files in the host’s filesystem. Changes to file\npermissions can deny access to the expected owner of the file, widen\naccess to others, or set extended bits like setuid, setgid, and sticky.\nThis bug does not directly allow files to be read, modified, or executed\nwithout an additional cooperating process.\n","modified":"2026-02-04T02:39:42.402495Z","published":"2021-10-23T10:05:28Z","related":["CVE-2021-32760","CVE-2021-41103"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0484.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29268"},{"type":"REPORT","url":"https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-5012-1"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOVJMTDKAFMTONFNVO7Z327OFE52V7FK/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/"},{"type":"REPORT","url":"https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-5100-1"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2021-October/009566.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M7ZZTABKTSJ5DYVDIQ7CVZG5HABGM2EC/"}],"affected":[{"package":{"name":"docker-containerd","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/docker-containerd?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.7-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0484.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}