Mitigating the Leaky Vessels Container Escape vulnerabilities

On January 31st 2024, the Snyk Security Labs team identified multiple vulnerabilities, now called “Leaky Vessels”, affecting software components used on Kubernetes infrastructure to run and manage containers. Our users’ security is our top priority, and we take this matter very seriously.

These vulnerabilities can be used for container escapes – to gain access to the host operating system from the containers. The vulnerability can therefore be used to access and control data and services running on the host and other containers on the host.

We highly recommend upgrading the Kubernetes worker nodes used on all Kubernetes installations, including those on UpCloud’s Managed Kubernetes clusters.

The necessary patches have been applied to the templates used to create new worker nodes on UpCloud starting from 2024-02-02 16:00:00 UTC, meaning all newly created Kubernetes nodes are already covered. Applying the necessary changes to existing Kubernetes clusters requires actions from the cluster administrator and affected customers have been contacted directly.

If you have any concerns or require further assistance, please don’t hesitate to contact our dedicated support team.

Janne Ruostemaa

Editor-in-Chief

Container performance on popular cloud providers

Containers are great for easy app deployment and scaling but is that all? This comparison looks into container performance on popular cloud providers.

Comparisons

Kubernetes vs Docker Swarm: Comparison of the Two Giants in Container Orchestration

In this post, we will take a look at how the two of the major players developing container orchestration, Docker and Kubernetes, compare.

Comparisons

The rise of CoreOS

CoreOS — an open source specialised operating system that utilises Linux containers providing similar benefits to virtual machines, but with a focus on applications.

Industry analyses

Back to top