Описание
ELSA-2018-4061: kubernetes security update (IMPORTANT)
[1.9.1-2.1.5]
- Production built 1.9.1-2.1.5
- Fix the upgrade version check
- Remove w/a from [Orabug 27125915]
[1.9.1-2.1.4.dev]
- Make sure worker node upgrade properly
- [Orabug 27649898]
[1.9.1-2.1.3.dev]
- Ensure that the runtime mounts RO volumes read-only [CVE-2017-1002102]
- Update Dashboard version to v1.8.3 [CVE-2017-1002102]
- Fix nested volume mounts for read-only API data volumes [CVE-2017-1002102]
- Fixed kubeadm-setup.sh and kubeadm-registry.sh
- Add feature gate for subpath [CVE-2017-1002101]
- Add subpath e2e tests [CVE-2017-1002101]
- Lock subPath volumes [CVE-2017-1002101]
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
kubeadm
1.9.1-2.1.5.el7
kubectl
1.9.1-2.1.5.el7
kubelet
1.9.1-2.1.5.el7
Связанные CVE
Связанные уязвимости
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.