March 2018 Kubernetes Security Vulnerabilities and Anaconda Enterprise

 

The Anaconda team tracks security vulnerabilities and CVEs via the National Vulnerability Database (NVD) on an ongoing basis. Our team is committed to the security of Anaconda Enterprise by making updates available in a timely manner in response to security vulnerabilities and similar incidents. Two security vulnerabilities (CVE-2017-1002101 and CVE-2017-1002102) were recently identified in Kubernetes, which is used as container orchestration infrastructure for notebook sessions and deployments in Anaconda Enterprise.

These security vulnerabilities allow containers using subpath volume mounts, secrets, configMaps, and projected or downwardAPI volumes to access or delete arbitrary files and folders on the host filesystem.

Additional details regarding the vulnerabilities are provided in the following Common Vulnerabilities and Exposures (CVEs) reports and development issues:

Who is impacted:

These security vulnerabilities impact all customers using Anaconda Enterprise 5.1.1 and earlier, which use affected versions of Kubernetes.

Action required:

An updated version of Anaconda Enterprise 5.1.2 will be made available on March 16, 2018, resolving CVE-2017-1002101 and CVE-2017-1002102. An in-place upgrade to Anaconda Enterprise 5.1.2 can be performed by following the documented upgrade instructions.


You May Also Like

Company Blog
AnacondaCON 2017 Recap: A Community Comes Together
Last week, more than 400 Open Data Science community members descended on the city of Austin to attend our inaugural AnacondaCON event. From data scientists to engineers to bu...
Read More
Data Science Blog
Credit Modeling with Dask
I’ve been working with a large retail bank on their credit modeling system. We’re doing interesting work with Dask to manage complex computations (see task graph below...
Read More
Company Blog
Open Data Science is a Team Sport
As every March Madness fan knows, athletic talent and coaching are key, but it’s how they come together as a unit that determines a team’s success. Known for its drama-rid...
Read More