Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 813642 (CVE-2021-25741)

Summary: <sys-cluster/kubelet-{1.19.15,1.20.11,1.21.5,1.22.2}: host filesystem access
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/kubernetes/kubernetes/issues/104980
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 13:34:00 UTC
From URL:

"A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem."


Fixes in 1.19.15, 1.20.11, 1.21.5, and 1.22.2. Please bump.
Comment 1 William Hubbs gentoo-dev 2021-09-20 21:48:06 UTC
The versions listed in this bug have been stabilized and all previous
versions are removed.

Thanks,

William
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-20 21:51:19 UTC
Thanks William!