Описание
ELSA-2020-5767: kubernetes security update (IMPORTANT)
[1.12.10-1.0.13]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
kubeadm
1.12.10-1.0.13.el7
kubectl
1.12.10-1.0.13.el7
kubelet
1.12.10-1.0.13.el7
Связанные CVE
Связанные уязвимости
ELSA-2020-5766: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update (IMPORTANT)
ELSA-2020-5765: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update (IMPORTANT)
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.