Container Networking Security Issue (CVE-2020-8558)


CVE Identifier: CVE-2020-8558

This is an update for this issue.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at https://github.com/aws/containers-roadmap/issues/976. All Amazon ECS and Amazon EKS customers should update to the latest AMI.
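Because the exposure concerns services bound to localhost on a container host, it helps to know which services those are. The following Python script is an added example (not AWS's or the Kubernetes project's code) that lists loopback-bound listeners from `/proc/net/tcp`-format text; the sample table and the function names are constructed for illustration, and a little-endian host is assumed.

```python
"""Inventory loopback-bound listeners from /proc/net/{tcp,udp} text."""
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:279A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18020 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 30111 1 0000000000000000 20 4 30 10 -1
   3: 3500007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 17002 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A   # st value for a listening TCP socket
UDP_UNCONN = 0x07   # st value for a bound, unconnected UDP socket


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_quad, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a native-endian 32-bit word;
    # on little-endian hosts (x86_64, aarch64) that reverses the byte order.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def loopback_listeners(proc_text, listen_state=TCP_LISTEN):
    """Return sorted (address, port, uid) for listeners bound inside 127.0.0.0/8."""
    found = []
    for line in proc_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != listen_state:
            continue
        addr, port = decode_endpoint(cols[1])
        if addr.startswith("127."):
            found.append((addr, port, int(cols[7])))
    return sorted(found)


if __name__ == "__main__":
    # On a node, pass open("/proc/net/tcp").read(); for UDP use
    # open("/proc/net/udp").read() with listen_state=UDP_UNCONN.
    for addr, port, uid in loopback_listeners(SAMPLE_PROC_NET_TCP):
        print(f"{addr}:{port} uid={uid}")
```

Any listener this reports on a node that has not yet moved to an updated AMI is a service to review against the mitigation steps linked above.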

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Updated Amazon ECS Optimized AMIs are now available. As a general security best practice, we recommend that ECS customers update their configurations to launch new container instances from the latest AMI version.

Customers can upgrade their AMIs by referring to the ECS documentation.

Amazon Elastic Kubernetes Service (Amazon EKS)

Updated Amazon EKS-Optimized AMIs are now available. As a general security best practice, we recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version.

Customers using managed node groups can upgrade their node groups by referring to the EKS documentation. Customers self-managing worker nodes should replace existing instances with the new AMI version by referring to the EKS documentation.

[V1] Initial Publication Date: 2020/07/08 7:15PM PDT

CVE Identifier: CVE-2020-8558

You are viewing a previous version of this security bulletin.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

AWS Fargate is not affected. No customer action is required.

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at: https://github.com/aws/containers-roadmap/issues/976

We will be releasing updated Amazon Machine Images for both Amazon ECS and Amazon EKS, and customers should update to these AMIs as soon as they are available.

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Amazon ECS will be releasing updated ECS Optimized AMIs including the Amazon Linux AMI, Amazon Linux 2 AMI, GPU-Optimized AMI, ARM-Optimized AMI, and Inferentia-Optimized AMI on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS will be releasing updated EKS Optimized AMIs including the Amazon Linux 2 EKS-Optimized AMI and EKS-Optimized accelerated AMI for Kubernetes 1.14, 1.15, and 1.16 on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.
