CVE-2021-23218 Missing Release of Memory after Effective Lifetime 10th Jan 2022

Preface: Deploy the leading enterprise container runtime with just two commands

Background: Mirantis Container Runtime is the industry-leading, high-level runtime at the heart of Mirantis Kubernetes Engine, enabling it to operate Swarm and Kubernetes containers efficiently on any substrate. It is based on containerd, the Cloud Native Computing Foundation (CNCF) core container runtime. FIPS 140-2 is only supported in MCR. MKE and MSR currently do not support FIPS 140-2.

Vulnerability details: When running with FIPS mode enabled, Mirantis Container Runtime leaks memory during TLS handshakes. Because every handshake retains memory that is never released, a client that repeatedly connects could abuse this to exhaust the daemon and cause a denial of service.

Affected Products: Mirantis Container Runtime (MCR) version 20.10.8

Mitigations: FIPS mode is not the default mode of operation; deployments that have not explicitly enabled FIPS mode are not exposed to this leak.

Observation: One possibility. An application that talks to the runtime over TLS and repeatedly connects and disconnects drives a high rate of handshakes. If the FIPS message-digest path allocates per-handshake state that is not released afterwards, internal resources fail to be cleaned up, and the effect is worst when multiple threads are starting and ending TLS sessions concurrently; each leaked handshake retains memory until the daemon runs out.
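A practical way to check for this kind of handshake leak is to generate exactly that churn (many short-lived TLS sessions from several threads) and watch the daemon's resident set size between rounds. The script below is an added example written for this post; it is not Mirantis code and is not taken from the advisory. It assumes a Linux host with /proc, a daemon listening for TLS (dockerd's conventional TLS port is 2376 when TLS is enabled), and a PID you supply yourself, for instance from `pidof dockerd`. The host, port, PID, round sizes and the 4 MB growth threshold are all assumptions chosen for illustration.

```python
"""Handshake-churn leak probe (added example, not Mirantis code).

Drives many concurrent TLS handshakes against a daemon and samples its
resident set size (VmRSS) between rounds, reporting whether memory keeps
climbing. Assumed: Linux /proc, a TLS listener, and a PID you supply.
"""
import re
import socket
import ssl
import sys
import threading
import time

VMRSS_RE = re.compile(r"^VmRSS:\s+(\d+)\s+kB", re.M)


def parse_vmrss_kb(status_text: str) -> int:
    """Extract VmRSS in kB from the text of /proc/<pid>/status."""
    m = VMRSS_RE.search(status_text)
    if not m:
        raise ValueError("no VmRSS line in status text")
    return int(m.group(1))


def rss_kb(pid: int) -> int:
    with open(f"/proc/{pid}/status") as f:
        return parse_vmrss_kb(f.read())


def one_handshake(host, port, ctx, timeout=5.0):
    """Complete one TLS handshake and close at once (connect/disconnect churn)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.do_handshake()
            return tls.version()


def handshake_storm(host, port, total, threads):
    """Spread `total` handshakes over `threads` workers; return how many completed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # not authenticating, only exercising the handshake path
    per = total // threads
    done = [0] * threads

    def worker(i):
        for _ in range(per):
            try:
                one_handshake(host, port, ctx)
                done[i] += 1
            except (OSError, ssl.SSLError):
                pass  # a rejected client cert still completed the handshake work we care about

    ts = [threading.Thread(target=worker, args=(i,)) for i in range(threads)]
    for t in ts:
        t.start()
    for t in ts:
        t.join()
    return sum(done)


def leak_verdict(samples_kb, min_growth_kb=4096):
    """Decide whether RSS samples show a sustained climb.

    Returns (leaking, growth_kb). Flagged only when RSS never dropped between
    rounds and total growth exceeds min_growth_kb (assumed 4 MB); ordinary
    allocator and GC churn moves up and down and is not flagged.
    """
    growth = samples_kb[-1] - samples_kb[0]
    never_dropped = all(b >= a for a, b in zip(samples_kb, samples_kb[1:]))
    return (never_dropped and growth >= min_growth_kb), growth


def probe(host, port, pid, rounds=5, per_round=500, threads=8):
    samples = [rss_kb(pid)]
    for r in range(rounds):
        ok = handshake_storm(host, port, per_round, threads)
        time.sleep(2)  # let the allocator settle before sampling
        samples.append(rss_kb(pid))
        print(f"round {r + 1}: {ok}/{per_round} handshakes, RSS {samples[-1]} kB")
    leaking, growth = leak_verdict(samples)
    print("verdict:", "RSS keeps climbing, possible leak" if leaking else "no sustained growth",
          f"({growth} kB over {rounds} rounds)")
    return leaking


if __name__ == "__main__":
    # usage: python probe.py <host> <tls-port> <daemon-pid>
    h, p, pid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    sys.exit(1 if probe(h, p, pid) else 0)
```

Run it once with FIPS mode off and once with it on against a test host, never production, since a real leak will take the daemon down. A run that completes its handshakes with RSS drifting both ways is the healthy baseline; a run where every round ends higher than the last is the pattern described above.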

Official announcement: Please refer to the link – https://github.com/Mirantis/security/blob/main/advisories/0002.md
