Container Networking Security Issue (CVE-2020-8558)

栏目: IT技术 · 发布时间: 4年前

内容简介:You are viewing a previous version of this security bulletin.AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same, or adj

CVE Identifier: CVE-2020-8558

This is an update for this issue.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at https://github.com/aws/containers-roadmap/issues/976 . All Amazon ECS and Amazon EKS customers should update to the latest AMI.

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Updated Amazon ECS Optimized AMIs are now available. As a general security best practice, we recommend that ECS customers update their configurations to launch new container instances from the latest AMI version.

Customers can upgrade their AMIs by referring to the ECS documentation .

Amazon Elastic Kubernetes Service (Amazon EKS)

Updated Amazon EKS-Optimized AMIs are now available. As a general security best practice, we recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version.

Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation . Customers self managing worker nodes should replace existing instances with the new AMI version by referring to the EKS documentation

[V1] Initial Publication Date: 2020/07/08 7:15PM PDT

CVE Identifier: CVE-2020-8558

You are viewing a previous version of this security bulletin.

AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1).

AWS Fargate is not affected. No customer action is required.

All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at: https://github.com/aws/containers-roadmap/issues/976

We will be releasing updated Amazon Machine Images for both Amazon ECS and Amazon EKS, and customers should update to these AMIs as soon as they are available.

AWS Fargate

AWS Fargate is not affected. No customer action is required.

Amazon Elastic Container Service (Amazon ECS)

Amazon ECS will be releasing updated ECS Optimized AMIs including the Amazon Linux AMI, Amazon Linux 2 AMI, GPU-Optimized AMI, ARM-Optimized AMI, and Inferentia-Optimized AMI on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS will be releasing updated EKS Optimized AMIs including the Amazon Linux 2 EKS-Optimized AMI and EKS-Optimized accelerated AMI for Kubernetes 1.14, 1.15, and 1.16 on July 9, 2020. Updating to use one of these AMIs will mitigate the issue. We will update this bulletin when updated AMIs are available.

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

新零售(实体店O2O营销与运营实战)

新零售(实体店O2O营销与运营实战)

苗李宁 / / 化学工业 / 2018-08-01 / 58.0

一起来看看 《新零售(实体店O2O营销与运营实战)》 这本书的介绍吧!

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

MD5 加密
MD5 加密

MD5 加密工具

SHA 加密
SHA 加密

SHA 加密工具