Summary: | sys-cluster/kubelet: Denial of service via kubelet API (CVE-2020-8551) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/kubernetes/kubernetes/issues/89377 | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-03-29 01:26:51 UTC
@maintainer(s): please drop:
- 1.14.x
- <1.15.10
- <1.16.7
- <1.17.3
OR stabilise a newer version (amd64 is stuck on vulnerable 1.14.9 at the moment).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=774dfab52bb05ea749d9ef9e042c8915de93f843

commit 774dfab52bb05ea749d9ef9e042c8915de93f843
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:52:40 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:15 +0000

    sys-cluster/kube-scheduler: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-scheduler/Manifest | 6 ---
 .../kube-scheduler/kube-scheduler-1.14.10.ebuild | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.15.7.ebuild | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.15.9.ebuild | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.16.4.ebuild | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.16.6.ebuild | 48 ----------------------
 .../kube-scheduler/kube-scheduler-1.17.2.ebuild | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=086b80e366fdf6440630097133cd2cb9977c2a2b

commit 086b80e366fdf6440630097133cd2cb9977c2a2b
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:45:10 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:15 +0000

    sys-cluster/kube-proxy: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-proxy/Manifest | 6 ----
 sys-cluster/kube-proxy/kube-proxy-1.14.10.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.15.7.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.15.9.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.16.4.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.16.6.ebuild | 44 ------------------------
 sys-cluster/kube-proxy/kube-proxy-1.17.2.ebuild | 40 ---------------------
 7 files changed, 266 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b23f97bbaa9fab8ac7a79a2787444997c7c907

commit 16b23f97bbaa9fab8ac7a79a2787444997c7c907
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:30:55 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubelet: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubelet/Manifest | 7 -----
 sys-cluster/kubelet/kubelet-1.14.10.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.14.9.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.15.7.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.15.9.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.16.4.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.16.6.ebuild | 47 ------------------------------
 sys-cluster/kubelet/kubelet-1.17.2.ebuild | 43 ---------------------------
 8 files changed, 332 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b34dd9bf13df6f26d1324822a37d60834e114e78

commit b34dd9bf13df6f26d1324822a37d60834e114e78
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:24:08 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubectl: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubectl/Manifest | 8 -----
 sys-cluster/kubectl/kubectl-1.14.10.ebuild | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.14.9.ebuild | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.15.7.ebuild | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.15.9.ebuild | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.16.4.ebuild | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.16.6.ebuild | 48 ------------------------------
 sys-cluster/kubectl/kubectl-1.17.0.ebuild | 47 -----------------------------
 sys-cluster/kubectl/kubectl-1.17.2.ebuild | 38 -----------------------
 9 files changed, 379 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c07d87915620fb7f2e04a0874136bf79a1161c3

commit 9c07d87915620fb7f2e04a0874136bf79a1161c3
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:17:58 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kube-controller-manager: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-controller-manager/Manifest | 6 ---
 .../kube-controller-manager-1.14.10.ebuild | 48 ----------------------
 .../kube-controller-manager-1.15.7.ebuild | 48 ----------------------
 .../kube-controller-manager-1.15.9.ebuild | 48 ----------------------
 .../kube-controller-manager-1.16.4.ebuild | 48 ----------------------
 .../kube-controller-manager-1.16.6.ebuild | 48 ----------------------
 .../kube-controller-manager-1.17.2.ebuild | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e1bb0f2c7dc5608c4513cca5cee595432f6b208

commit 9e1bb0f2c7dc5608c4513cca5cee595432f6b208
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:13:09 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kube-apiserver: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kube-apiserver/Manifest | 6 ---
 .../kube-apiserver/kube-apiserver-1.14.10.ebuild | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.15.7.ebuild | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.15.9.ebuild | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.16.4.ebuild | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.16.6.ebuild | 48 ----------------------
 .../kube-apiserver/kube-apiserver-1.17.2.ebuild | 43 -------------------
 7 files changed, 289 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1853884e5d1277ca3fcf24cadcfc02e2f856bc7

commit f1853884e5d1277ca3fcf24cadcfc02e2f856bc7
Author: William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-02 15:04:50 +0000
Commit: William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-02 15:55:14 +0000

    sys-cluster/kubeadm: security cleanup

    Bug: https://bugs.gentoo.org/715206
    Bug: https://bugs.gentoo.org/715208
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/kubeadm/Manifest | 9 --
 .../kubeadm/files/kubeadm-1.14-openrc.patch | 110 ---------------------
 sys-cluster/kubeadm/kubeadm-1.14.8.ebuild | 50 ----------
 sys-cluster/kubeadm/kubeadm-1.14.9.ebuild | 50 ----------
 sys-cluster/kubeadm/kubeadm-1.15.5.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.15.6.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.15.9.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.2.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.3.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.16.6.ebuild | 47 ---------
 sys-cluster/kubeadm/kubeadm-1.17.2.ebuild | 38 -------
 11 files changed, 539 deletions(-)

Changing rating, no stable packages. Closing.

CVE-2020-8551 (https://nvd.nist.gov/vuln/detail/CVE-2020-8551): The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
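
An added example, not code from Gentoo or Kubernetes: a check that sorts kubelet ebuild filenames against the version ranges quoted in the CVE text above and the 1.14.x drop request in the first comment. The function names and status labels are hypothetical, and the sample filenames in the test are constructed; versions are compared numerically so that 1.15.10 is not mistaken for something older than 1.15.9.

```python
import re

# Inclusive ranges exactly as quoted in the CVE-2020-8551 text on this page.
CVE_RANGES = [
    ((1, 15, 0), (1, 15, 9)),
    ((1, 16, 0), (1, 16, 6)),
    ((1, 17, 0), (1, 17, 2)),
]

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-r\d+)?")
EBUILD_RE = re.compile(r"(?P<pn>[a-z0-9-]+?)-(?P<pv>\d+\.\d+\.\d+(?:-r\d+)?)\.ebuild")


def parse_version(text):
    """Parse '1.16.6', 'v1.16.6' or a Gentoo revision such as '1.16.6-r1'."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(part) for part in m.groups())


def classify(version):
    """Return 'affected', 'drop-requested' or 'not-listed' (labels are hypothetical)."""
    v = parse_version(version)
    # Tuple comparison is numeric per component: (1, 15, 10) > (1, 15, 9).
    if any(lo <= v <= hi for lo, hi in CVE_RANGES):
        return "affected"
    # The bug asks to drop 1.14.x although the CVE text does not list it.
    if v[:2] == (1, 14):
        return "drop-requested"
    return "not-listed"


def ebuilds_to_drop(filenames, package="kubelet"):
    """Return the ebuild filenames of `package` that the bug asks to remove."""
    drop = []
    for name in filenames:
        m = EBUILD_RE.fullmatch(name)
        if m and m.group("pn") == package:
            if classify(m.group("pv")) != "not-listed":
                drop.append(name)
    return drop
```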