Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 783474 (CVE-2021-25735) - <sys-cluster/kube-apiserver-{1.18.18,1.19.10,1.20.6}: multiple vulnerabilities (CVE-2021-{3121,25735})
Summary: <sys-cluster/kube-apiserver-{1.18.18,1.19.10,1.20.6}: multiple vulnerabilitie...
Alias: CVE-2021-25735
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa?]
Depends on:
Reported: 2021-04-17 18:57 UTC by John Helmert III
Modified: 2021-07-29 18:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-17 18:57:36 UTC

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this vulnerability if you run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object.

Note: This only impacts validating admission plugins that rely on old values in certain fields, and does not impact calls from kubelets that go through the built-in NodeRestriction admission plugin.

This release also addresses CVE-2021-3121 (see also bug 765046).

Fixes in 1.20.6, 1.19.10, and 1.18.18. Please bump.
Comment 1 William Hubbs gentoo-dev 2021-04-30 17:18:57 UTC
All versions older than the ones listed in this bug have been removed
from the tree.


Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-13 13:18:23 UTC
Thank you!
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:23:05 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:31:25 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:39:22 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:47:31 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:03:28 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:11:46 UTC
Package list is empty or all packages have requested keywords.