Container Networking Security Issue (CVE-2020-8558)

栏目: IT技术 · 发布时间: 4年前

内容简介:You are viewing a previous version of this security bulletin.AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same, or adj

CVE Identifier: CVE-2020-8558

This is an update for this issue.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at https://github.com/aws/containers-roadmap/issues/976 . All Amazon ECS and Amazon EKS customers should update to the latest AMI.

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Updated Amazon ECS Optimized AMIs are now available. As a general security best practice, we recommend that ECS customers update their configurations to launch new container instances from the latest AMI version.

Customers can upgrade their AMIs by referring to the ECS documentation .

Amazon Elastic Kubernetes Service (Amazon EKS)

Updated Amazon EKS-Optimized AMIs are now available. As a general security best practice, we recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version.

Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation . Customers self managing worker nodes should replace existing instances with the new AMI version by referring to the EKS documentation

[V1] Initial Publication Date: 2020/07/08 7:15PM PDT

CVE Identifier: CVE-2020-8558

You are viewing a previous version of this security bulletin.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

AWS Fargate is not affected. No customer action is required.

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at: https://github.com/aws/containers-roadmap/issues/976

We will be releasing updated Amazon Machine Images for both Amazon ECS and Amazon EKS, and customers should update to these AMIs as soon as they are available.

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Amazon ECS will be releasing updated ECS Optimized AMIs including the Amazon Linux AMI, Amazon Linux 2 AMI, GPU-Optimized AMI, ARM-Optimized AMI, and Inferentia-Optimized AMI on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS will be releasing updated EKS Optimized AMIs including the Amazon Linux 2 EKS-Optimized AMI and EKS-Optimized accelerated AMI for Kubernetes 1.14, 1.15, and 1.16 on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

两周自制脚本语言

两周自制脚本语言

[日]千叶 滋 / 陈筱烟 / 人民邮电出版社 / 2014-6 / 59.00元

《两周自制脚本语言》是一本优秀的编译原理入门读物。全书穿插了大量轻松风趣的对话,读者可以随书中的人物一起从最简单的语言解释器开始,逐步添加新功能,最终完成一个支持函数、数组、对象等高级功能的语言编译器。本书与众不同的实现方式不仅大幅简化了语言处理器的复杂度,还有助于拓展读者的视野。 《两周自制脚本语言》适合对编译原理及语言处理器设计有兴趣的读者以及正在学习相关课程的大中专院校学生。同时,已经......一起来看看 《两周自制脚本语言》 这本书的介绍吧!

图片转BASE64编码
图片转BASE64编码

在线图片转Base64编码工具

UNIX 时间戳转换
UNIX 时间戳转换

UNIX 时间戳转换

HEX HSV 转换工具
HEX HSV 转换工具

HEX HSV 互换工具