tencent cloud


Runc Vulnerability (CVE-2021-30465) Fix Description

Last updated: 2022-06-10 16:48:44

    Vulnerability Details

    Add-on: runC
    Vulnerability Name: runC path traversal vulnerability
    CVE No.: CVE-2021-30465
    Fix Policy: Upgrade runC to 1.0.0-rc95 or later.

    Fix Progress

    1. In TKE, the vulnerability was fixed for incremental nodes in September 2021.
    2. For legacy nodes, use the following upgrade script and apply the fix during off-peak hours to avoid affecting business stability.
      Note:

      Upgrading the runC add-on will not restart the business Pod.

      #!/bin/bash

      # Returns 0 if the docker CLI is present on this node, 1 otherwise.
      util::is_docker() {
          if command -v docker 1>/dev/null 2>&1; then
              RUNTIME="docker"
              return 0
          else
              return 1
          fi
      }

      # Download and unpack the package that contains the fixed runc binary.
      wget http://static.ccs.tencentyun.com/docker-19.03.9-install-1.2.tgz
      tar -zxf docker-19.03.9-install-1.2.tgz

      # If the new runc binary does not run, install libseccomp and retry.
      if ! docker-19.03/bin/runc --version; then
          echo "unmatch libseccomp version"
          # Get OS distribution
          OS_RELEASE="$(. /etc/os-release && echo "$ID")"
          OS_VERSION="$(. /etc/os-release && echo "$VERSION_ID")"
          if [ "ubuntu" = "${OS_RELEASE}" ]; then
              # -y keeps the install non-interactive, matching the yum branch.
              apt-get install -y libseccomp2
          else
              yum install -y libseccomp
          fi
      fi
      if ! docker-19.03/bin/runc --version; then
          echo "bad libseccomp version"
          exit 1
      fi

      # Replace the runc binary in the path used by the node's runtime.
      if util::is_docker; then
          cp docker-19.03/bin/runc /usr/bin/docker-runc
          cp docker-19.03/bin/runc /usr/bin/runc
      else
          cp docker-19.03/bin/runc /usr/local/sbin/runc
      fi

      # Clean up the downloaded files.
      rm -r docker-19.03
      rm docker-19.03.9-install-1.2.tgz
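
To confirm the result on a node, the check below compares the version reported by `runc --version` with the fix policy above (1.0.0-rc95 or later). It is an added example, not part of Tencent Cloud's script; the function names and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example (not Tencent Cloud's script): check a runc version against
# the page's fix policy, "1.0.0-rc95 or later". Sample output is constructed.

# Print the version token from `runc --version` output read on stdin.
runc_version_from_output() {
    awk '$1 == "runc" && $2 == "version" { print $3; exit }'
}

# Return 0 if $1 >= 1.0.0-rc95, 1 if older, 2 if the string cannot be parsed.
runc_is_patched() {
    local ver="${1#v}" core pre="" major minor patch part n
    ver="${ver%%+*}"                 # drop build metadata such as "+dev"
    core="${ver%%-*}"                # numeric core, e.g. "1.0.0"
    if [ "$core" != "$ver" ]; then pre="${ver#*-}"; fi   # e.g. "rc93"
    IFS=. read -r major minor patch <<EOF
$core
EOF
    for part in "$major" "$minor" "$patch"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    # 1.x.y with x or y above zero sorts after every 1.0.0 release candidate.
    if [ "$minor" -gt 0 ] || [ "$patch" -gt 0 ]; then return 0; fi
    # Exactly 1.0.0: a final release is patched, an rcN only when N >= 95.
    case "$pre" in
        "") return 0 ;;
        rc[0-9]*) n="${pre#rc}"; n="${n%%[!0-9]*}"; [ "$n" -ge 95 ] ;;
        *) return 1 ;;               # unknown pre-release tag: treat as unpatched
    esac
}

# Constructed sample of what an unpatched node might print.
sample_output='runc version 1.0.0-rc93
commit: 0000000000000000000000000000000000000000
spec: 1.0.2-dev'

found="$(printf '%s\n' "$sample_output" | runc_version_from_output)"
if runc_is_patched "$found"; then
    echo "runc $found: meets the fix policy"
else
    echo "runc $found: older than 1.0.0-rc95, upgrade needed"
fi
```

On a real node, replace the sample with `runc --version | runc_version_from_output`, and repeat the check for each path the upgrade script writes to (`/usr/bin/docker-runc`, `/usr/bin/runc` or `/usr/local/sbin/runc`).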
      