715208 – (CVE-2019-11254, CVE-2020-8552) sys-cluster/kube-apiserver: Multiple vulnerabilities (CVE-2019-11254, CVE-2020-8552)

Bug 715208 (CVE-2019-11254, CVE-2020-8552) - sys-cluster/kube-apiserver: Multiple vulnerabilities (CVE-2019-11254, CVE-2020-8552)

Summary: sys-cluster/kube-apiserver: Multiple vulnerabilities (CVE-2019-11254, CVE-202...

Status:	RESOLVED FIXED

Alias:	CVE-2019-11254, CVE-2020-8552

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:	https://github.com/kubernetes/kuberne...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2020-03-29 01:32 UTC by Sam James
Modified:	2020-04-02 19:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-03-29 01:32:35 UTC

Description:
"The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."

PR: https://github.com/kubernetes/kubernetes/pull/87669

Affected versions in tree:
- <1.17.3
- <1.16.7
- <1.15.11
- 1.14.x

Comment 1 Sam James archtester

2020-03-29 01:33:22 UTC

@maintainer(s), please cleanup

Comment 2 Sam James archtester

2020-04-01 23:52:29 UTC

* CVE-2019-11254

Description:
"The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML."

URL: https://github.com/kubernetes/kubernetes/issues/89535

---
So cleanup is still the right action.

Comment 3 Larry the Git Cow gentoo-dev

2020-04-02 15:55:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=774dfab52bb05ea749d9ef9e042c8915de93f843

commit 774dfab52bb05ea749d9ef9e042c8915de93f843
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:52:40 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:15 +0000

    sys-cluster/kube-scheduler: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-scheduler/Manifest                |  6 ---
 .../kube-scheduler/kube-scheduler-1.14.10.ebuild   | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.15.7.ebuild    | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.15.9.ebuild    | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.16.4.ebuild    | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.16.6.ebuild    | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.17.2.ebuild    | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=086b80e366fdf6440630097133cd2cb9977c2a2b

commit 086b80e366fdf6440630097133cd2cb9977c2a2b
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:45:10 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:15 +0000

    sys-cluster/kube-proxy: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-proxy/Manifest                  |  6 ----
 sys-cluster/kube-proxy/kube-proxy-1.14.10.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.15.7.ebuild  | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.15.9.ebuild  | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.16.4.ebuild  | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.16.6.ebuild  | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.17.2.ebuild  | 40 ---------------------
 7 files changed, 266 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b23f97bbaa9fab8ac7a79a2787444997c7c907

commit 16b23f97bbaa9fab8ac7a79a2787444997c7c907
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:30:55 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubelet: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubelet/Manifest               |  7 -----
 sys-cluster/kubelet/kubelet-1.14.10.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.14.9.ebuild  | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.15.7.ebuild  | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.15.9.ebuild  | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.16.4.ebuild  | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.16.6.ebuild  | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.17.2.ebuild  | 43 ---------------------------
 8 files changed, 332 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b34dd9bf13df6f26d1324822a37d60834e114e78

commit b34dd9bf13df6f26d1324822a37d60834e114e78
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:24:08 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubectl: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubectl/Manifest               |  8 -----
 sys-cluster/kubectl/kubectl-1.14.10.ebuild | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.14.9.ebuild  | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.15.7.ebuild  | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.15.9.ebuild  | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.16.4.ebuild  | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.16.6.ebuild  | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.17.0.ebuild  | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.17.2.ebuild  | 38 -----------------------
 9 files changed, 379 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c07d87915620fb7f2e04a0874136bf79a1161c3

commit 9c07d87915620fb7f2e04a0874136bf79a1161c3
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:17:58 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kube-controller-manager: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-controller-manager/Manifest       |  6 ---
 .../kube-controller-manager-1.14.10.ebuild         | 48 ----------------------
 .../kube-controller-manager-1.15.7.ebuild          | 48 ----------------------
 .../kube-controller-manager-1.15.9.ebuild          | 48 ----------------------
 .../kube-controller-manager-1.16.4.ebuild          | 48 ----------------------
 .../kube-controller-manager-1.16.6.ebuild          | 48 ----------------------
 .../kube-controller-manager-1.17.2.ebuild          | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e1bb0f2c7dc5608c4513cca5cee595432f6b208

commit 9e1bb0f2c7dc5608c4513cca5cee595432f6b208
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:13:09 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kube-apiserver: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-apiserver/Manifest                |  6 ---
 .../kube-apiserver/kube-apiserver-1.14.10.ebuild   | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.15.7.ebuild    | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.15.9.ebuild    | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.16.4.ebuild    | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.16.6.ebuild    | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.17.2.ebuild    | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1853884e5d1277ca3fcf24cadcfc02e2f856bc7

commit f1853884e5d1277ca3fcf24cadcfc02e2f856bc7
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:04:50 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubeadm: security cleanup
    
    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubeadm/Manifest                       |   9 --
 .../kubeadm/files/kubeadm-1.14-openrc.patch        | 110 ---------------------
 sys-cluster/kubeadm/kubeadm-1.14.8.ebuild          |  50 ----------
 sys-cluster/kubeadm/kubeadm-1.14.9.ebuild          |  50 ----------
 sys-cluster/kubeadm/kubeadm-1.15.5.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.15.6.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.15.9.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.2.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.3.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.6.ebuild          |  47 ---------
 sys-cluster/kubeadm/kubeadm-1.17.2.ebuild          |  38 -------
 11 files changed, 539 deletions(-)

Comment 4 Sam James archtester

2020-04-02 19:05:49 UTC

Thanks! Tree clean.