All users are encouraged to upgrade to the latest version to ensure the security of their Kubernetes deployments. A mitigation is available to reduce the risk of memory exhaustion in the event that a container is invoked with an untrusted image or command. When running untrusted containers, the user can add a `cap_enable=M:1,N:128m` line to the `/etc/security/limits.conf` file. This will limit the amount of memory that the container may consume to 128MiB.
What is Kubernetes?
Kubernetes is an open-source orchestration tool that automatically handles the installation, scaling, and operation of a cluster of virtual machines.
The Kubernetes platform aims to automate the management of containers across multiple hosts. Additionally, it provides a mechanism for managing application deployment and administration.
In short, Kubernetes automates your infrastructure.
How to update
There are several methods for updating to the latest version of Kubernetes. You can use one of the following options:
- The user can download and apply the patch themselves by unzipping the update file and then running `/usr/bin/kube-updater --self-update`.
- The user can run `kube upgrade --auto` from the command line so that it automatically applies any available updates.
- Users are encouraged to join the Cloud Native Computing Foundation's Kubernetes Community where they will receive support and feedback on their deployments.
Instances running with CVE-2022-31030
All instances running affected versions of Kubernetes need to be updated to a fixed version.
Timeline
Published on: 06/09/2022 14:15:00 UTC
Last modified on: 06/16/2022 04:15:00 UTC
References
- https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
- http://www.openwall.com/lists/oss-security/2022/06/07/1
- https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382
- https://www.debian.org/security/2022/dsa-5162
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31030