Commit e50ed36
* STDIN
fix: Upgrade containerd to v2.1.5 to address security vulnerabilities

This upgrade fixes two containerd security vulnerabilities:

- CVE-2024-25621 (High): Local privilege escalation via wide permissions on CRI directory
  - /var/lib/containerd created with 0o711 instead of 0o700
  - /run/containerd/io.containerd.grpc.v1.cri created with 0o755 instead of 0o700
  - /run/containerd/io.containerd.sandbox.controller.v1.shim created with 0o711 instead of 0o700
  - Allowed local users to access metadata/content stores and Kubernetes volumes
  - Fixed by automatically updating directory permissions on upgrade

- CVE-2025-64329 (Moderate): Host memory exhaustion through Attach goroutine leak
  - Repetitive CRI Attach calls (kubectl attach) could leak goroutines
  - Could exhaust host memory over time
  - Fixed by proper goroutine cleanup in CRI implementation

Upgraded github.com/containerd/containerd/v2 from v2.1.4 to v2.1.5

Resolves Dependabot alerts #128 and #129

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
* [autofix.ci] apply automated fixes
---------
Co-authored-by: Claude (via Conductor) <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
1 parent af04688 commit e50ed36
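To confirm on a node that the three directories listed in the commit message are at mode 0700, a check along these lines can be used. It is an added example, not part of this commit or of containerd; the function names and the optional root-prefix argument (used to point the check at a test tree) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of the commit): audit the directory modes named in
# the commit message. Paths and the expected mode 0700 come from that message;
# the function names and the ROOT prefix argument are assumptions.

CONTAINERD_DIRS="
/var/lib/containerd
/run/containerd/io.containerd.grpc.v1.cri
/run/containerd/io.containerd.sandbox.controller.v1.shim
"

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_containerd_dirs [ROOT]
# Prints one line per directory and returns the number of directories whose
# mode grants any group/other permission bit (anything wider than 0700).
check_containerd_dirs() {
    root="${1:-}"
    bad=0
    for d in $CONTAINERD_DIRS; do
        path="${root}${d}"
        if [ ! -d "$path" ]; then
            echo "SKIP  $path (not present)"
            continue
        fi
        mode=$(dir_mode "$path")
        if [ -z "$mode" ]; then
            echo "SKIP  $path (mode unreadable)"
            continue
        fi
        # Leading 0 makes the value octal; 077 masks the group/other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "WIDE  $path mode=$mode (expected 700)"
            bad=$((bad + 1))
        else
            echo "OK    $path mode=$mode"
        fi
    done
    return "$bad"
}
```

Source the file and call `check_containerd_dirs` with no argument to audit the live paths; a non-zero exit status is the count of directories still wider than 0700.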
3 files changed, +4 -4 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
195 | 195 | | |
196 | 196 | | |
197 | 197 | | |
198 | | - | |
| 198 | + | |
199 | 199 | | |
200 | 200 | | |
201 | 201 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.