January 04, 2019
This advisory was first communicated by email, on the date mentioned above, to all Rancher customers with a then-active support subscription.
Greetings,
Kubernetes has announced a couple of patches today to address recently discovered security vulnerabilities in both Kubernetes and the Kubernetes dashboard:
- [CVE-2018-18264] Accessing custom TLS certs via the Kubernetes dashboard
- Kubernetes API server external IP address proxying
For more details on the announcement, see:
https://discuss.kubernetes.io/t/security-release-of-dashboard-v1-10-1-cve-2018-18264/4069
https://discuss.kubernetes.io/t/security-impact-of-kubernetes-api-server-external-ip-address-proxying/4072
At Rancher, we want to make sure you are always updated with the latest security fixes and patches. The updated Kubernetes versions v1.10.12, v1.11.6, and v1.12.4, which address these issues, will be made available in Rancher v2.1.5 and v2.0.10. There are no new Rancher v1.6 versions for these vulnerabilities because standard v1.6.x installations are not affected.
For more details on how these vulnerabilities may apply to you, please visit this blog post:
https://rancher.com/blog/2019/2019-01-04-kubernetes-dashboard-external-ip-proxying-vulnerabilities/
Thanks,
Rancher Support Team