Rancher Security Advisory: CVE-2020-8557, CVE-2020-8558 and CVE-2020-8559 reported by Kubernetes

Dear Rancher Customer,

Kubernetes released patch versions today (July 16th) to address the following three medium-rated vulnerabilities:

| CVE | Description | Rating |
|---|---|---|
| CVE-2020-8557 | Node disk DOS by writing to container /etc/hosts | Medium |
| CVE-2020-8558 | Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary | Medium |
| CVE-2020-8559 | Privilege escalation from compromised node to cluster | Medium to High |

To see if your clusters are vulnerable, please go through the CVE posts in the kubernetes-security-announce forum.

New Kubernetes releases that provide fixes for the above three vulnerabilities

  • v1.18.6
  • v1.17.9
  • v1.16.13
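
One way to compare node versions against the fixed releases listed above (an added example, not part of the Rancher advisory or any Rancher tooling). The function names, node names and sample node list are constructed for illustration, and a build suffix such as +k3s1 is assumed not to change the upstream patch level.

```shell
#!/bin/sh
# Minimum fixed patch number per minor line, taken from the advisory's list.
fixed_patch_for() {
    case "$1" in
        1.18) echo 6 ;;
        1.17) echo 9 ;;
        1.16) echo 13 ;;
        *)    return 1 ;;   # advisory names no fixed release for this line
    esac
}

# Classify one kubelet version, e.g. "v1.17.5" or "v1.18.6+k3s1".
# Prints: fixed | needs-upgrade | not-listed | unparsed
k8s_fix_status() {
    ver=${1#v}              # drop the leading "v"
    ver=${ver%%[+-]*}       # assumption: build suffix keeps upstream patch level
    case "$ver" in
        ""|*[!0-9.]*|*..*|.*|*.) echo unparsed; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    [ $# -eq 3 ] || { echo unparsed; return 0; }
    min=$(fixed_patch_for "$1.$2") || { echo not-listed; return 0; }
    if [ "$3" -ge "$min" ]; then echo fixed; else echo needs-upgrade; fi
}

# Read "NAME VERSION" lines on stdin; print every node that is not "fixed".
# Live input: kubectl get nodes --no-headers \
#   -o custom-columns=NAME:.metadata.name,VER:.status.nodeInfo.kubeletVersion
report_nodes() {
    while read -r name version extra; do
        [ -n "$name" ] || continue
        status=$(k8s_fix_status "$version")
        [ "$status" = fixed ] || echo "$name $version $status"
    done
}

# Constructed sample node list (not real cluster output).
sample_nodes() {
    cat <<'EOF'
cp-1 v1.18.6
worker-1 v1.18.4
worker-2 v1.17.9
edge-1 v1.18.6+k3s1
legacy-1 v1.15.12
EOF
}

sample_nodes | report_nodes
```

A "not-listed" result means the advisory names no fixed release for that minor line, so the node needs a manual check against the upstream CVE posts.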

Rancher versions that support the new Kubernetes releases

This communication is to let you know of the already available Rancher releases that have been dynamically enabled for supporting the new Kubernetes versions. The Rancher releases that have added support for the new Kubernetes versions are:

To address vulnerabilities CVE-2020-8557, CVE-2020-8558, and CVE-2020-8559, we recommend upgrading your Kubernetes clusters to one of these new Kubernetes versions.

New RKE version that supports the new Kubernetes releases

RKE v1.1.14 is now available with support for Kubernetes v1.18.6, v1.17.9, v1.16.13 and v1.15.12, and can be used to upgrade the RKE cluster that the Rancher control plane is installed on, as well as upgrade any customer clusters that were built using RKE.

New K3S versions that address the vulnerabilities

Note: Whilst CVE-2020-8558 is not explicitly mentioned in the release notes of the above K3S versions, the fix for it has been carried forward into these versions from previous maintenance releases.

For Rancher versions v2.2.x and lower

This communication is not applicable to users of Rancher v2.2.x and lower.  All aforementioned CVEs have been patched in Kubernetes versions v1.16.x and higher only.  These are Kubernetes versions that are not supported by Rancher v2.2.x and lower.

If there are any questions, simply submit a request via this portal referencing this article and we will track and respond to your question as a Support Ticket.

Thanks,
Rancher Support Team
