Your submission was sent successfully! Close

  1. Blog
  2. Article

Thibaut Rouffineau
on 4 December 2018

Canonical publishes auto-apply vulnerability patch for Kubernetes


Charmed distribution of Kubernetes clusters auto-apply vulnerability patches for CVE-2018-1002105

On December 3 2018,  the Kubernetes project disclosed a security vulnerability in all versions of its popular container orchestration software. The vulnerability, CVE-2018-1002105, exists in the Kubernetes API server, and allows an attacker to send arbitrary requests to backend cluster services, such as kubelets. The flaw effectively allows any user to gain full administrator privileges on any compute node in the cluster. Worse still, it is nearly impossible to detect whether the security hole has been exploited.

Patches have been released to fix the security flaw in all supported versions of Kubernetes, and are available in versions 1.10.11, 1.11.5, and 1.12.3. Although some non-upgrade mitigations are possible, they are likely to be disruptive, and the Kubernetes team strongly recommends upgrading to one of the patched versions listed above.

For users of the Charmed Distribution of Kubernetes (CDK), updating to the patched versions requires no manual intervention. As of December 4 2018 in the morning, CDK clusters running any supported version (1.10.x, 1.11.x, 1.12.x) will begin to receive and apply the patches automatically, thanks to the auto-updating nature of snap packages. For CDK users running versions older than 1.10, Canonical recommends upgrading to a supported version as soon as possible.

Related posts


Canonical
5 September 2023

도커(Docker) 컨테이너 보안: 우분투 프로(Ubuntu Pro)로 FIPS 지원 컨테이너 이해하기

FIPS Security

오늘날 급변하는 디지털 환경에서 강력한 도커 컨테이너 보안 조치의 중요성은 아무리 강조해도 지나치지 않습니다. 컨테이너화된 계층도 규정 준수 표준의 적용을 받기 때문에 보안 문제 및 규정 준수 요구 사항이 발생합니다. 도커 컨테이너 보안 조치는 경량의 어플라이언스 유형 컨테이너(각 캡슐화 코드 및 해당 종속성)를 위협 및 취약성으로부터 보호하는 것을 수반합니다. 민감한 개인 데이터를 처리하는 데 의존하는 ...


ijlal-loutfi
28 June 2023

Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs

Ubuntu Article

Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs. This blog dives into the crucial role your OS plays in cloud security and highlights the extensive security measures offered by Ubuntu, including the game-changing confidential computing technology. ...


Hugo Huang
5 December 2023

How to use Ubuntu in GKE on nodes and in containers

Cloud and server Article

Google Kubernetes Engine (GKE) traces its roots back to Google’s development of Borg in 2004, a Google internal system managing clusters and applications. In 2014, Google introduced Kubernetes, an open-source platform based on Borg’s principles, gaining rapid popularity for automating containerized application deployment. In 2015, Google ...