Add-on: runC
Vulnerability Name: runC path traversal vulnerability
CVE No.: CVE-2021-30465
Fix Policy: Upgrade runC to 1.0.0-rc95 or later.
Note: Upgrading the runC add-on does not restart business Pods.
#!/bin/bash
#######################################
# Report whether a `docker` command is resolvable on this node.
# Globals:   RUNTIME (written: set to "docker" only on success)
# Arguments: none
# Returns:   0 if `command -v docker` succeeds, 1 otherwise
#######################################
util::is_docker() {
  # Guard clause: leave RUNTIME untouched when docker is absent.
  command -v docker >/dev/null 2>&1 || return 1
  RUNTIME="docker"
  return 0
}
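# ---------------------------------------------------------------------------
# Replace the node's runC binary with the build shipped in the Docker 19.03.9
# install package.
#
# Environment:
#   RUNC_PKG_SHA256  optional; expected SHA-256 digest of the package file.
#                    The value is not hard-coded here: obtain it from the
#                    package publisher through a trusted channel.
#
# Security notes:
#   * The package is fetched over plain HTTP, so the transport gives no
#     integrity or authenticity guarantee, and the extracted binary is
#     installed as the container runtime. Pin the digest with
#     RUNC_PKG_SHA256 to detect a tampered or corrupted download.
#   * All work happens in a private mktemp directory that is removed on
#     every exit path, including failures.
#   * Binaries are staged next to the destination and renamed into place so
#     the final path never holds a partially written file.
# ---------------------------------------------------------------------------
PKG_URL="http://static.ccs.tencentyun.com/docker-19.03.9-install-1.2.tgz"
PKG_FILE="docker-19.03.9-install-1.2.tgz"
NEW_RUNC="docker-19.03/bin/runc"

# Stage a binary beside its destination, then rename it into place.
util::install_binary() {
  local src=$1 dst=$2
  local staged="${dst}.new.$$"
  install -m 0755 -- "$src" "$staged" || return 1
  if ! mv -f -- "$staged" "$dst"; then
    rm -f -- "$staged"
    return 1
  fi
}

WORKDIR="$(mktemp -d)" || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "${WORKDIR:?}"' EXIT
cd "$WORKDIR" || { echo "cannot enter ${WORKDIR}" >&2; exit 1; }

if ! wget -O "$PKG_FILE" "$PKG_URL"; then
  echo "download failed: ${PKG_URL}" >&2
  exit 1
fi

# Verify the download before unpacking anything from it.
if [ -n "${RUNC_PKG_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$RUNC_PKG_SHA256" "$PKG_FILE" | sha256sum -c - >/dev/null; then
    echo "checksum mismatch for ${PKG_FILE}; refusing to install" >&2
    exit 1
  fi
else
  echo "WARNING: RUNC_PKG_SHA256 is not set; ${PKG_FILE} was fetched over HTTP and is unverified" >&2
fi

if ! tar -zxf "$PKG_FILE"; then
  echo "failed to extract ${PKG_FILE}" >&2
  exit 1
fi

# A failing --version here is treated as a libseccomp mismatch: install the
# distribution's libseccomp package and re-test below.
if ! "$NEW_RUNC" --version; then
  echo "unmatch libseccomp version"
  # Get OS distribution
  OS_RELEASE="$(. /etc/os-release && echo "$ID")"
  if [ "ubuntu" = "${OS_RELEASE}" ]; then
    # -y keeps the run non-interactive, matching the yum branch.
    apt-get install -y libseccomp2
  else
    yum install -y libseccomp
  fi
fi

# Never install a binary that cannot run on this node.
if ! "$NEW_RUNC" --version; then
  echo "bad libseccomp version"
  exit 1
fi

if util::is_docker; then
  TARGETS=(/usr/bin/docker-runc /usr/bin/runc)
else
  TARGETS=(/usr/local/sbin/runc)
fi

for target in "${TARGETS[@]}"; do
  if ! util::install_binary "$NEW_RUNC" "$target"; then
    echo "failed to install ${target}" >&2
    exit 1
  fi
done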