Detections
Analytics

Debian dla-4467 : containerd - security update

medium Nessus Plugin ID 297981

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4467 advisory.

 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4467-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout February 05, 2026 https://wiki.debian.org/LTS
 - -------------------------------------------------------------------------

 Package : containerd Version : 1.4.13~ds1-1~deb11u6 CVE ID : CVE-2024-25621 CVE-2025-64329 Debian Bug : 1120285 1120343

 Multiple vulnerabilities were discovered in containerd, an open-source container runtime, used by e.g. Docker or Kubernetes.

 CVE-2024-25621

 Overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions.

 CVE-2025-64329

 Bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks.

 For Debian 11 bullseye, these problems have been fixed in version 1.4.13~ds1-1~deb11u6.

 We recommend that you upgrade your containerd packages.

 For the detailed security status of containerd please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/containerd

 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the containerd packages.

See Also

https://security-tracker.debian.org/tracker/source-package/containerd

https://security-tracker.debian.org/tracker/CVE-2024-25621

https://security-tracker.debian.org/tracker/CVE-2025-64329

https://packages.debian.org/source/bullseye/containerd

Plugin Details

Severity: Medium

ID: 297981

File Name: debian_DLA-4467.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/5/2026

Updated: 2/5/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-25621

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 4.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-64329

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:containerd, p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2/5/2026

Vulnerability Publication Date: 11/6/2025

Reference Information

CVE: CVE-2024-25621, CVE-2025-64329

IAVA: 2025-A-0832