containerd packages from USN-4653-1 were reverted in order to fix a dependency issue with the docker package. This new update fixes the same issues as the previous one. We apologize for the inconvenience.
Original advisory details:
It was discovered that access controls for the shimâ€™s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.