tencent cloud

Runc Vulnerability (CVE-2021-30465) Fix Description
Last updated: 2024-12-13 15:46:01

Vulnerability Details

- Add-on: runC
- Vulnerability Name: runC path traversal vulnerability
- CVE No.: CVE-2021-30465
- Fix Policy: Upgrade runC to 1.0.0-rc95 or later.

Fix Progress

1. In TKE, the vulnerability was fixed for incremental nodes in September 2021.
2. For legacy nodes, run the following upgrade script during off-peak hours to avoid affecting business stability.
Note:
Upgrading the runC add-on will not restart the business Pod.
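#!/bin/bash
# Replace the node's runC binary with the one shipped in the
# docker-19.03.9 install package.

# Succeeds if the docker CLI is present on this node.
util::is_docker() {
    if command -v docker 1>/dev/null 2>&1; then
        RUNTIME="docker"
        return 0
    else
        return 1
    fi
}

# Download and unpack the package; stop if either step fails.
# The package is fetched over plain HTTP and is not checksum-verified here.
wget http://static.ccs.tencentyun.com/docker-19.03.9-install-1.2.tgz || exit 1

tar -zxf docker-19.03.9-install-1.2.tgz || exit 1

# If the new runc cannot start, update libseccomp from the OS repositories.
if ! docker-19.03/bin/runc --version; then
    echo "unmatch libseccomp version"
    # Get OS distribution
    OS_RELEASE="$(. /etc/os-release && echo "$ID")"
    OS_VERSION="$(. /etc/os-release && echo "$VERSION_ID")"

    if [ "ubuntu" = "${OS_RELEASE}" ]; then
        # -y keeps the install non-interactive, matching the yum branch
        apt-get install -y libseccomp2
    else
        yum install -y libseccomp
    fi
fi

# Abort before touching the installed binaries if runc still does not run.
if ! docker-19.03/bin/runc --version; then
    echo "bad libseccomp version"
    exit 1
fi

# Install the new binary: Docker nodes use /usr/bin/docker-runc and
# /usr/bin/runc, other nodes use /usr/local/sbin/runc.
if util::is_docker; then
    cp docker-19.03/bin/runc /usr/bin/docker-runc
    cp docker-19.03/bin/runc /usr/bin/runc
else
    cp docker-19.03/bin/runc /usr/local/sbin/runc
fi

# Clean up the unpacked package and the archive.
rm -r docker-19.03
rm docker-19.03.9-install-1.2.tgz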
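
To confirm the upgrade took effect, the check below compares the version reported by `runc --version` against the 1.0.0-rc95 threshold from the Fix Policy. It is an added example, not part of Tencent Cloud's script: the function names and the `--check` argument are hypothetical, and the binary paths are the ones the upgrade script writes to.

```shell
#!/bin/sh
# Added example (not Tencent Cloud's code); function names are hypothetical.

# Read `runc --version` output on stdin; print the token after "runc version".
runc_parse_version() {
    sed -n 's/^runc version \([^ ]*\).*$/\1/p' | head -n 1
}

# Return 0 if $1 >= 1.0.0-rc95, 1 if older, 2 if it cannot be parsed.
# The rc number is compared numerically: a string sort ranks "rc9" above "rc95".
runc_version_fixed() {
    v="${1%%+*}"                      # drop build metadata such as "+dev"
    core="${v%%-*}"                   # numeric part, e.g. "1.0.0"
    pre=""; if [ "$core" != "$v" ]; then pre="${v#*-}"; fi   # e.g. "rc93"
    case "$core" in ""|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    IFS=. read -r major minor patch rest <<EOF
$core
EOF
    n=$(( $major * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
    if [ "$n" -gt 1000000 ]; then return 0; fi
    if [ "$n" -lt 1000000 ]; then return 1; fi
    # Exactly 1.0.0: the final release is fixed; rcN only when N >= 95.
    case "$pre" in
        "") return 0 ;;
        rc*) rcnum="${pre#rc}" ;;
        *) return 2 ;;
    esac
    case "$rcnum" in ""|*[!0-9]*) return 2 ;; esac
    [ "$rcnum" -ge 95 ]
}

# Check every runc path the upgrade script may have replaced.
check_node() {
    status=0
    for bin in /usr/bin/runc /usr/bin/docker-runc /usr/local/sbin/runc; do
        [ -x "$bin" ] || continue
        ver="$("$bin" --version 2>/dev/null | runc_parse_version)"
        result=0; runc_version_fixed "$ver" || result=$?
        case "$result" in
            0) echo "fixed       $bin ($ver)" ;;
            1) echo "VULNERABLE  $bin ($ver)"; status=1 ;;
            *) echo "unknown     $bin (unparseable version)"; status=1 ;;
        esac
    done
    return "$status"
}

if [ "${1:-}" = "--check" ]; then check_node; fi
```

Run it with `--check` on a node; it exits non-zero if any runc binary found is older than 1.0.0-rc95 or reports a version that cannot be parsed.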

