Spotinst Update Concerning: CVE-2019-5736

Spotinst is aware of CVE-2019-5736, a vulnerability in runc, which Docker uses to spawn and run containers.
The vulnerability allows an attacker to gain root access to the host machine through the mishandling of a file descriptor.
Any customer running containers should follow the steps below to update to the latest patched versions of Docker, which mitigate this threat.

Spotinst recommends taking the following actions to avoid exposure to the vulnerability:

Elastigroup with AWS ECS

Users should replace existing container instances with the latest AMI version to address the issue described above.

Amazon ECS Optimized AMIs, including the Amazon Linux AMI, the Amazon Linux 2 AMI, and the GPU-Optimized AMI, are available now.

Elastigroup with AWS EKS

Users should replace existing container instances with the latest AMI version to address the issue described above.

An updated Amazon EKS Optimized AMI is available in the AWS Marketplace.

Elastigroup with AWS Fargate

Customers running Fargate Services should call UpdateService with "--force-new-deployment" enabled to launch all new Tasks on the latest Platform Version 1.3. Customers running standalone tasks should terminate existing tasks and re-launch using the latest version.
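
The following script is an added example, not code from Spotinst or AWS, showing one way to apply the UpdateService step above to every Fargate service in a cluster. It assumes the AWS CLI is installed with credentials configured; the function names and the DRY_RUN variable are hypothetical, and the cluster name is supplied by the caller.

```shell
#!/bin/sh
# Added example (not Spotinst or AWS code). Assumes AWS CLI with credentials set.
# DRY_RUN defaults to 1 so the script only prints what it would run.

# Print one ARN per line for every Fargate service in the cluster.
list_fargate_services() {
  lfs_out=$(aws ecs list-services --cluster "$1" --launch-type FARGATE \
    --query 'serviceArns[]' --output text) || return 1
  printf '%s\n' "$lfs_out" | tr '\t' '\n' | awk '/^arn:/'
}

# Force a new deployment of one service; on a real run, print the platform
# version the service is configured with, as returned by UpdateService.
redeploy_service() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "aws ecs update-service --cluster $1 --service $2 --force-new-deployment"
    return 0
  fi
  rs_pv=$(aws ecs update-service --cluster "$1" --service "$2" \
    --force-new-deployment --query 'service.platformVersion' --output text) || return 1
  echo "redeployed $2 (platformVersion: $rs_pv)"
}

# Redeploy every Fargate service in the cluster and report how many were handled.
redeploy_cluster() {
  rc_services=$(list_fargate_services "$1") || return 1
  rc_count=0
  for rc_arn in $rc_services; do
    redeploy_service "$1" "$rc_arn" || return 1
    rc_count=$((rc_count + 1))
  done
  echo "services processed: $rc_count"
}

# Usage: sh redeploy.sh <cluster-name>   (set DRY_RUN=0 to apply)
if [ "$#" -gt 0 ]; then redeploy_cluster "$1"; fi
```

Run it once with the default DRY_RUN=1 to review the commands, then with DRY_RUN=0 to apply them; the reported platformVersion lets you confirm what each service is configured to launch on.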

Elastigroup with AWS Batch

An updated Amazon ECS Optimized AMI is available as the default Compute Environment AMI.

Elastigroup with AWS Beanstalk

Users using Managed Platform Updates will be automatically updated to the latest platform version in their selected maintenance window with no action required.
Users without automatic platform updates need to update their platform manually.

Ocean Clusters

Users should replace existing worker nodes with the latest AMI version to address the issue described above.

Instructions on how to update worker nodes can be found in the EKS documentation.

Elastigroups / Ocean using other AMIs with KOPS or Custom API

Get the latest version of Docker and apply it accordingly.


For further questions or assistance, please contact our support, available 24/7.