Runc Vulnerability (CVE-2021-30465) Fix Description

Last updated: 2024-12-13 15:46:01

Vulnerability Details

Add-on: runC
Vulnerability Name: runC path traversal vulnerability
CVE No.: CVE-2021-30465
Fix Policy: Upgrade runC to 1.0.0-rc95 or later.

Fix Progress

1. The vulnerability was fixed for incremental nodes in September 2021 in TKE.
2. For legacy nodes, use the following upgrade script to fix the vulnerability. Run it during off-peak hours to avoid affecting business stability.
Note:
Upgrading the runC add-on will not restart business Pods.
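#!/bin/bash

# Return 0 if the node uses Docker as its container runtime.
util::is_docker() {
    if command -v docker 1>/dev/null 2>&1; then
        RUNTIME="docker"
        return 0
    else
        return 1
    fi
}

# Download and unpack the package that carries the fixed runc binary.
# Stop here if either step fails, so nothing is copied from a partial download.
wget http://static.ccs.tencentyun.com/docker-19.03.9-install-1.2.tgz || exit 1

tar -zxf docker-19.03.9-install-1.2.tgz || exit 1

# If the new runc cannot start, the installed libseccomp is likely too old.
if ! docker-19.03/bin/runc --version; then
    echo "unmatch libseccomp version"
    # Get OS distribution
    OS_RELEASE="$(. /etc/os-release && echo "$ID")"

    if [ "ubuntu" = "${OS_RELEASE}" ]; then
        # -y keeps the install non-interactive, matching the yum branch.
        apt-get install -y libseccomp2
    else
        yum install -y libseccomp
    fi
fi

# Re-check after the libseccomp update; abort before replacing anything.
if ! docker-19.03/bin/runc --version; then
    echo "bad libseccomp version"
    exit 1
fi

# Replace the runc binary in the location the node's runtime uses.
if util::is_docker; then
    cp docker-19.03/bin/runc /usr/bin/docker-runc
    cp docker-19.03/bin/runc /usr/bin/runc
else
    cp docker-19.03/bin/runc /usr/local/sbin/runc
fi

# Clean up the unpacked directory and the downloaded archive.
rm -r docker-19.03
rm docker-19.03.9-install-1.2.tgz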
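
After the upgrade, a node's runc version can be checked against the fix policy above (1.0.0-rc95 or later). The following is an added example, not part of Tencent Cloud's script; the function names `runc_version_of` and `runc_is_fixed` are hypothetical, and the sample version strings are constructed.

```shell
#!/bin/bash
# Added example (not part of the original upgrade script): check a runc
# version string against the fix policy "1.0.0-rc95 or later".

# Print the version from the first line of `<binary> --version`,
# e.g. "runc version 1.0.0-rc95" -> "1.0.0-rc95".
runc_version_of() {
    "$1" --version 2>/dev/null |
        awk 'NR == 1 && $1 == "runc" && $2 == "version" { print $3 }'
}

# Return 0 if $1 is 1.0.0-rc95 or later, 1 if older, 2 if unparseable.
runc_is_fixed() {
    local v core pre rc major minor patch n
    v="${1#v}"          # tolerate a leading "v"
    v="${v%%+*}"        # drop build metadata such as "+dev"
    core="${v%%-*}"     # "1.0.0"
    pre=""
    if [ "$core" != "$v" ]; then pre="${v#*-}"; fi   # "rc94", "rc95", ...
    IFS=. read -r major minor patch <<EOF
$core
EOF
    for n in "$major" "$minor" "$patch"; do
        case "$n" in '' | *[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -ne 1 ]; then
        [ "$major" -gt 1 ]      # 2.x and later fixed, 0.x not
        return
    fi
    # 1.0.1, 1.1.0 and so on are all later than 1.0.0-rc95.
    if [ "$minor" -gt 0 ] || [ "$patch" -gt 0 ]; then return 0; fi
    # Exactly 1.0.0: the final release sorts after every release candidate.
    if [ -z "$pre" ]; then return 0; fi
    case "$pre" in rc[0-9]*) ;; *) return 2 ;; esac
    rc="${pre#rc}"
    rc="${rc%%[!0-9]*}"   # "95-dirty" -> "95"
    [ "$rc" -ge 95 ]
}

# Constructed sample version strings, not read from a real node.
for v in 1.0.0-rc10 1.0.0-rc94 1.0.0-rc95 1.0.0 1.1.4; do
    if runc_is_fixed "$v"; then
        echo "$v: meets fix policy"
    else
        echo "$v: older than 1.0.0-rc95, upgrade"
    fi
done
```

On a node, pass `runc_is_fixed` the output of `runc_version_of` for each path the upgrade script writes to (`/usr/bin/runc`, `/usr/bin/docker-runc`, or `/usr/local/sbin/runc`).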


