advisories: add advisories for containerd

KCSesh · KCSesh · commit 6afd2678da20 · 2025-11-13T20:46:27.000Z
Signed-off-by: Kyle Sessions &lt;kssessio@amazon.com&gt;
diff --git a/advisories/11.0.0/BRSA-mavhpoajhdy8.toml b/advisories/11.0.0/BRSA-mavhpoajhdy8.toml
@@ -0,0 +1,28 @@
+[advisory]
+id = "BRSA-mavhpoajhdy8"
+title = "containerd CVE-2024-25621"
+cve = "CVE-2024-25621"
+severity = "moderate"
+description = """
+An overly broad default permission vulnerability was found in containerd. Directory paths /var/lib/containerd, /run/containerd/io.containerd.grpc.v1.cri and /run/containerd/io.containerd.sandbox.controller.v1.shim were all created with incorrect permissions."""
+
+[[advisory.products]]
+package-name = "containerd-1.7"
+patched-version = "1.7.29"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "containerd-2.0"
+patched-version = "2.0.7"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "containerd-2.1"
+patched-version = "2.1.5"
+patched-epoch = "0"
+
+[updateinfo]
+author = "kssessio"
+issue-date = 2025-11-13T15:40:31Z
+arches = ["x86_64", "aarch64"]
+version = "11.0.0"
diff --git a/advisories/11.0.0/BRSA-s6xothqqu5vw.toml b/advisories/11.0.0/BRSA-s6xothqqu5vw.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-s6xothqqu5vw"
+title = "containerd CVE-2025-64329"
+cve = "CVE-2025-64329"
+severity = "moderate"
+description = "A bug was found in containerd's CRI Attach implementation that causes goroutine leaks. Repetitive calls to CRI Attach can exhaust memory on the host."
+
+[[advisory.products]]
+package-name = "containerd-1.7"
+patched-version = "1.7.29"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "containerd-2.0"
+patched-version = "2.0.7"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "containerd-2.1"
+patched-version = "2.1.5"
+patched-epoch = "0"
+
+[updateinfo]
+author = "kssessio"
+issue-date = 2025-11-13T15:40:31Z
+arches = ["x86_64", "aarch64"]
+version = "11.0.0"
