Kubernetes

Kubernetes

  • [CVE-2019-5736] Updated the containerd version to 1.2.1+1-1~u16.04+mcp to fix the malicious container escape security vulnerability in runc. However, the fix affects memory usage: runc uses more memory during a container startup. For details, see the corresponding GitHub issue. The memory usage issue is addressed in 2019.2.3. For details, see: Kubernetes.

  • [CVE-2019-100210] Updated the Kubernetes hyperkube-amd64 image to version 1.12.6 to address the json-patch requests exhausting the API server resources vulnerability.

  • Fixed the issue with the OpenStack cloud provider redefining the internal IP of the Kubernetes nodes with an IP of every NIC and assigning a wrong IP address as a primary address of a node.