| Summary: | sys-cluster/{kubernetes,kube-controller-manager}: Potential credential leakage in kube-controller-manager logs (CVE-2019-11252) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | williamh |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/kubernetes/kubernetes/pull/88684 | | |
| Whiteboard: | C4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2020-07-24 18:04:29 UTC
We now have 1.16.13. I don't know whether the 1.16 and 1.17 versions in the tree are vulnerable or not, so I'll wait for a comment from the security team.

I meant to list the other versions we have. We currently have versions 1.16.13, 1.17.9 and 1.18.6.

It looks like this will not be backported to 1.16 or even 1.17 (see https://github.com/kubernetes/kubernetes/pull/89494#issuecomment-619260906, https://github.com/kubernetes/kubernetes/pull/88684#issuecomment-673731833). All versions of 1.18 and later appear to have the fix.

William, is it possible at this point to drop the 1.17 branch from Gentoo?

Cleanup is done, trivial severity so no GLSA, all done!