ALT-PU-2020-2454-1
Package kubernetes updated to version 1.18.6-alt1 for branch sisyphus in task 255355.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
- https://github.com/kubernetes/kubernetes/issues/93032
- https://github.com/kubernetes/kubernetes/issues/93032
- [Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- [Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- https://security.netapp.com/advisory/ntap-20200821-0002/
- https://security.netapp.com/advisory/ntap-20200821-0002/
Modified: 2024-11-21
CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
- https://github.com/kubernetes/kubernetes/issues/92914
- https://github.com/kubernetes/kubernetes/issues/92914
- https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
- https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
- https://security.netapp.com/advisory/ntap-20200810-0004/
- https://security.netapp.com/advisory/ntap-20200810-0004/