[CVE-2019-5736] Updated the containerd version to 1.2.1+1-1~u16.04+mcp
to fix the malicious container escape security vulnerability in runc.
However, the fix affects memory usage:
runc uses more memory during a container startup.
For details, see the corresponding
GitHub issue.
The memory usage issue is addressed in 2019.2.3. For details, see:
Kubernetes.
[CVE-2019-100210] Updated the Kubernetes hyperkube-amd64 image
to version 1.12.6 to address the json-patch requests
exhausting the API server resources vulnerability.
Fixed the issue with the OpenStack cloud provider redefining the internal IP
of the Kubernetes nodes with an IP of every NIC and assigning
a wrong IP address as a primary address of a node.