[CVE-2019-5736] Updated the containerd version to 1.2.1+1-1~u16.04+mcp to fix the malicious container escape security vulnerability in runc. However, the fix affects memory usage: runc uses more memory during a container startup. For details, see the corresponding GitHub issue. The memory usage issue is addressed in 2019.2.3. For details, see: Kubernetes.
[CVE-2019-100210] Updated the Kubernetes hyperkube-amd64 image to version 1.12.6 to address the vulnerability in which json-patch requests exhaust the API server resources.
Fixed the issue with the OpenStack cloud provider redefining the internal IP of the Kubernetes nodes with an IP of every NIC and assigning a wrong IP address as a primary address of a node.