March 2018 Kubernetes Security Vulnerabilities and Anaconda Enterprise

 

The Anaconda team tracks security vulnerabilities and CVEs via the National Vulnerability Database (NVD) on an ongoing basis. Our team is committed to the security of Anaconda Enterprise by making updates available in a timely manner in response to security vulnerabilities and similar incidents. Two security vulnerabilities (CVE-2017-1002101 and CVE-2017-1002102) were recently identified in Kubernetes, which is used as container orchestration infrastructure for notebook sessions and deployments in Anaconda Enterprise.

These security vulnerabilities allow containers using subPath volume mounts, secrets, configMaps, and projected or downwardAPI volumes to access or delete arbitrary files and folders on the host filesystem.
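To see which workloads use the volume features named above, the following added example (not code from Anaconda or Kubernetes) inventories them from the JSON printed by `kubectl get pods --all-namespaces -o json`. The function name `audit_pods` and the sample pods are constructed for illustration; a finding only means the feature is in use, not that the cluster runs an affected Kubernetes version.

```python
import json
import sys

# Volume types named in the advisory alongside subPath mounts.
AFFECTED_VOLUME_TYPES = ("secret", "configMap", "projected", "downwardAPI")

def audit_pods(pod_list):
    """Return (pod, container, volume, reason) tuples for pods that use
    subPath mounts or the volume types listed in the advisory."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        # Map each volume name to its affected type, if it has one.
        vol_types = {}
        for vol in spec.get("volumes") or []:
            for vtype in AFFECTED_VOLUME_TYPES:
                if vtype in vol:
                    vol_types[vol["name"]] = vtype
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for c in containers:
            for m in c.get("volumeMounts") or []:
                if m.get("subPath"):
                    findings.append((ref, c["name"], m["name"], "subPath=" + m["subPath"]))
                if m["name"] in vol_types:
                    findings.append((ref, c["name"], m["name"], "volume type " + vol_types[m["name"]]))
    return findings

# Constructed sample input: one pod using both features, one using neither.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "demo", "name": "session-1"},
  "spec": {"volumes": [{"name": "work", "emptyDir": {}},
                       {"name": "creds", "secret": {"secretName": "api-token"}}],
           "containers": [{"name": "notebook", "volumeMounts": [
               {"name": "work", "mountPath": "/opt/work", "subPath": "user"},
               {"name": "creds", "mountPath": "/etc/creds"}]}]}},
 {"metadata": {"namespace": "demo", "name": "plain"},
  "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}],
           "containers": [{"name": "app", "volumeMounts": [
               {"name": "tmp", "mountPath": "/tmp"}]}]}}
]}
""")

if __name__ == "__main__":
    # Pass a saved kubectl JSON file as the first argument, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in audit_pods(data):
        print(*finding, sep="\t")
```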

Additional details regarding the vulnerabilities are provided in the following Common Vulnerabilities and Exposures (CVE) reports and development issues:

Who is impacted:

These security vulnerabilities impact all customers using Anaconda Enterprise 5.1.1 and earlier, which use affected versions of Kubernetes.

Action required:

An updated version, Anaconda Enterprise 5.1.2, will be made available on March 16, 2018, resolving CVE-2017-1002101 and CVE-2017-1002102. An in-place upgrade to Anaconda Enterprise 5.1.2 can be performed by following the documented upgrade instructions.

