
Bug 783474 (CVE-2021-25735)

Summary: <sys-cluster/kube-apiserver-{1.18.18,1.19.10,1.20.6}: multiple vulnerabilities (CVE-2021-{3121,25735})
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: williamh
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#cve-2021-25735-validating-admission-webhook-does-not-observe-some-previous-fields
See Also: https://bugs.gentoo.org/show_bug.cgi?id=765046
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-17 18:57:36 UTC
CVE-2021-25735:

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this vulnerability if you run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object.

Note: This only impacts validating admission plugins that rely on old values in certain fields, and does not impact calls from kubelets that go through the built-in NodeRestriction admission plugin.

This release also addresses CVE-2021-3121 (see also bug 765046).


Fixes in 1.20.6, 1.19.10, and 1.18.18. Please bump.
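
To check the "only affected if you run a Validating Admission Webhook for Nodes" condition from the description, the following added example (not part of the original report or of Kubernetes) lists webhooks whose rules cover Node updates. It assumes input shaped like `kubectl get validatingwebhookconfigurations -o json`; the sample data and all names in it are constructed, and it cannot tell whether a webhook actually relies on the old Node state, which still needs manual review.

```python
import json

# Constructed sample of `kubectl get validatingwebhookconfigurations -o json`
# output; every configuration and webhook name here is made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "node-policy"}, "webhooks": [
    {"name": "nodes.policy.example.com", "rules": [
      {"apiGroups": [""], "operations": ["UPDATE"], "resources": ["nodes"]}]},
    {"name": "pods.policy.example.com", "rules": [
      {"apiGroups": [""], "operations": ["CREATE", "UPDATE"], "resources": ["pods"]}]}]},
  {"metadata": {"name": "catch-all"}, "webhooks": [
    {"name": "all.policy.example.com", "rules": [
      {"apiGroups": ["*"], "operations": ["*"], "resources": ["*/*"]}]}]},
  {"metadata": {"name": "namespaced-only"}, "webhooks": [
    {"name": "ns.policy.example.com", "rules": [
      {"apiGroups": ["*"], "operations": ["*"], "resources": ["*"],
       "scope": "Namespaced"}]}]}
]}
""")

def covers_nodes(resource):
    # "nodes", "nodes/status", "*", "*/*" and "*/status" all reach Node objects
    # or their subresources; only the part before "/" decides that.
    return resource.partition("/")[0] in ("nodes", "*")

def rule_matches_node_update(rule):
    if rule.get("scope", "*") == "Namespaced":  # Nodes are cluster-scoped
        return False
    groups = rule.get("apiGroups", [])
    ops = rule.get("operations", [])
    return (("" in groups or "*" in groups)      # "" is the core API group
            and ("UPDATE" in ops or "*" in ops)
            and any(covers_nodes(r) for r in rule.get("resources", [])))

def node_update_webhooks(config_list):
    """Return (configuration, webhook) names that validate Node updates."""
    hits = []
    for cfg in config_list.get("items", []):
        for hook in cfg.get("webhooks") or []:
            if any(rule_matches_node_update(r) for r in hook.get("rules") or []):
                hits.append((cfg["metadata"]["name"], hook["name"]))
    return hits

if __name__ == "__main__":
    for cfg, hook in node_update_webhooks(SAMPLE):
        print(f"{cfg}: {hook} validates Node updates; review its use of old Node state")
```
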
Comment 1 William Hubbs gentoo-dev 2021-04-30 17:18:57 UTC
All versions older than the ones listed in this bug have been removed
from the tree.

Thanks,

William
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-13 13:18:23 UTC
Thank you!
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:11:46 UTC
Package list is empty or all packages have requested keywords.