Dear Rancher Customer,
Kubernetes released patch versions today (July 16th) to address the following three medium-rated vulnerabilities:
|CVE-2020-8557||Node disk DOS by writing to container /etc/hosts||Medium|
|CVE-2020-8558||Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary||Medium|
|CVE-2020-8559||Privilege escalation from compromised node to cluster||Medium to High|
To see if your clusters are vulnerable, please go through the CVE posts in the kubernetes-security-announce forum.
New Kubernetes releases that provide fixes for the above three vulnerabilities
Rancher versions that support the new Kubernetes releases
This communication is to let you know of the already available Rancher releases that have been dynamically enabled for supporting the new Kubernetes versions. The Rancher releases that have added support for the new Kubernetes versions are:
To address vulnerabilities CVE-2020-8557, CVE-2020-8558, and CVE-2020-8559, we recommend upgrading your Kubernetes clusters to one of these new Kubernetes versions.
New RKE version that supports the new Kubernetes releases
RKE v1.1.14 is now available with support for Kubernetes v1.18.6, v1.17.9, v1.16.13 and v1.15.12, and can be used to upgrade the RKE cluster that the Rancher control plane is installed on, as well as upgrade any customer clusters that were built using RKE.
New K3S versions that address the vulnerabilities
Note: Whilst CVE-2020-8558 is not explicitly mentioned in the releases notes of the above K3S versions, the fix for it has been carried forward into these versions from previous maintenance releases.
For Rancher versions v2.2.x and lower
This communication is not applicable to users of Rancher v2.2.x and lower. All aforementioned CVEs have been patched in Kubernetes versions v1.16.x and higher only. These are Kubernetes versions that are not supported by Rancher v2.2.x and lower.
If there are any questions, simply submit a request via this portal referencing this article and we will track and respond to your question as a Support Ticket.
Rancher Support Team