Description
ELSA-2020-5725: kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update (IMPORTANT)
kubernetes [1.12.10-1.0.12]
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
kubeadm-ha-setup [0.0.2-1.0.70]
- Enhance image tag read to depend on kubeadm-registry.sh for CVE release
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
kubernetes-cni [0.7.1-1.0.1]
- Added Oracle specific build files for Kubernetes CNI
kubernetes-cni-plugins [0.8.6-1.0.1]
- Added Oracle specific build files for Kubernetes CNI Plugins
Updated packages
Oracle Linux 7
Oracle Linux x86_64
kubeadm                  1.12.10-1.0.12.el7
kubeadm-ha-setup         0.0.2-1.0.70.el7
kubectl                  1.12.10-1.0.12.el7
kubelet                  1.12.10-1.0.12.el7
kubernetes-cni           0.7.1-1.0.1.el7
kubernetes-cni-plugins   0.8.6-1.0.2.el7
Related CVEs
Related vulnerabilities
ELSA-2020-5727: kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update (IMPORTANT)
ELSA-2020-5726: grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update (IMPORTANT)
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).