USN-4653-1: containerd vulnerability

Please see https://ubuntu.com/security/notices/USN-4653-1 for details on this security update.

Some time before the update, https://launchpad.net/bugs/1870514 was filed which describes how dockerd from the docker.io package is stopped as a result upgrading containerd, which this USN update triggered. If you are using the docker.io deb and are affected by this, please run:

$ sudo systemctl restart docker

The issue is a result of two bugs unrelated to the security fix:

  1. docker stops on containerd restart
  2. containerd unconditionally restarting on upgrade

This highlights a testing gap between the two packages that will be resolved in future updates.

We’ve since reverted the update and the @server-team has a plan to fix both of these issues and we’ll be issuing new security updates for docker.io and containerd to address these bugs and reintroduce the security fix.

We apologize for the inconvenience.

3 Likes