Canonical publishes auto-apply vulnerability patch for Kubernetes

Thibaut Rouffineau

on 4 December 2018

Charmed distribution of Kubernetes clusters auto-apply vulnerability patches for CVE-2018-1002105

On December 3, 2018, the Kubernetes project disclosed a security vulnerability in all versions of its popular container orchestration software. The vulnerability, CVE-2018-1002105, exists in the Kubernetes API server, and allows an attacker to send arbitrary requests to backend cluster services, such as kubelets. The flaw effectively allows any user to gain full administrator privileges on any compute node in the cluster. Worse still, it is nearly impossible to detect whether the security hole has been exploited.

Patches have been released to fix the security flaw in all supported versions of Kubernetes, and are available in versions 1.10.11, 1.11.5, and 1.12.3. Although some non-upgrade mitigations are possible, they are likely to be disruptive, and the Kubernetes team strongly recommends upgrading to one of the patched versions listed above.

For users of the Charmed Distribution of Kubernetes (CDK), updating to the patched versions requires no manual intervention. As of the morning of December 4, 2018, CDK clusters running any supported version (1.10.x, 1.11.x, 1.12.x) will begin to receive and apply the patches automatically, thanks to the auto-updating nature of snap packages. For CDK users running versions older than 1.10, Canonical recommends upgrading to a supported version as soon as possible.
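To confirm that every cluster has actually picked up a patched release, the check below classifies reported server versions against the patched versions and the support cutoff given above. It is an added example, not Canonical's or the Kubernetes project's code; the function names, the status labels and the sample inventory are constructed for illustration, and the input is assumed to be the `gitVersion` string the API server reports.

```python
import re

# Patched patch-level per supported minor line, as listed in this article.
PATCHED = {(1, 10): 11, (1, 11): 5, (1, 12): 3}

# Accepts "v1.11.5", "1.11.5", "v1.12.3+build" and pre-releases such as
# "v1.11.5-beta.0". Other suffixes (vendor build tags) are ignored.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc)[.\w]*)?")


def classify(git_version):
    """Return 'patched', 'vulnerable', 'unsupported', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(git_version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    if (major, minor) < (1, 10):
        # Older than 1.10: no patched release is listed, upgrade the minor line.
        return "unsupported"
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        # Minor line not covered by the article; check the upstream advisory.
        return "not-listed"
    # A pre-release of the fixed patch level predates the fixed release.
    if patch > fixed or (patch == fixed and not prerelease):
        return "patched"
    return "vulnerable"


def audit(inventory):
    """Map cluster name -> status for a {name: gitVersion} inventory."""
    return {name: classify(version) for name, version in inventory.items()}


# Constructed sample inventory (not real clusters).
SAMPLE = {
    "prod-a": "v1.12.3",
    "prod-b": "v1.11.4",
    "staging": "v1.10.11+build1",
    "legacy": "v1.9.8",
    "canary": "v1.11.5-beta.0",
}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name:8} {SAMPLE[name]:18} {status}")
```

Clusters reported as `unsupported` need a move to a supported minor line rather than a patch-level update.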
