v1.13.12-lts.1

This is the first fixed release by KLTS for v1.13.12.

Patches

  • CVE-2020-8552

    This vulnerability exposes the API Server to a DoS (Denial of Service) attack that can be triggered by successful API requests.

  • CVE-2020-8558

    The kube-proxy component was found to set the kernel parameter net.ipv4.conf.all.route_localnet=1 in both iptables and ipvs modes to allow local loopback access. An attacker in a container that shares the host network, or on another node in the same LAN or adjacent layer-2 network, may reach TCP/UDP services that are bound to and listening on the local 127.0.0.1 of a cluster node, and obtain interface information. If your service does not require the necessary authentication, this may lead to information leakage.

  • TODO CVE-2020-8559

    This is a security vulnerability in the kube-apiserver component. An attacker can intercept certain upgrade requests sent to a node's kubelet and forward them to other target nodes using the original access credentials in the request, which could allow the attacker to escalate privileges from a node compromise to a full cluster compromise.

  • CVE-2021-3121

    A program with this vulnerability may crash when it processes messages that contain malicious Protobuf data. The vulnerability may be present if the version of Gogo Protobuf you are using is too old.

  • nokmem

    The node has sufficient disk space, but it keeps reporting that disk space is insufficient to create a Pod.
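
For the CVE-2020-8558 item above, a node-side check written as an added example (not code from KLTS or Kubernetes): it reads the route_localnet value the item names and lists the services bound inside 127.0.0.0/8, which are the ones whose authentication should be reviewed. The function names and the sample /proc/net lines are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct
from pathlib import Path

# "st" column values in /proc/net/{tcp,udp}: 0A = TCP LISTEN, 07 = unconnected UDP
LISTEN_STATE = {"tcp": "0A", "udp": "07"}

# Constructed sample input (not captured from a real node)
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue\n"
SAMPLE_TCP = HEADER + (
    "   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000\n"  # 127.0.0.1:8080 LISTEN
    "   1: 00000000:0016 00000000:0000 0A 00000000:00000000\n"  # 0.0.0.0:22 LISTEN
    "   2: 0100007F:9C40 0100007F:1F90 01 00000000:00000000\n"  # established, ignored
)
SAMPLE_UDP = HEADER + "   0: 3500007F:0035 00000000:0000 07 00000000:00000000\n"


def loopback_listeners(proc_text, proto):
    """Return sorted (proto, ip, port) tuples for listeners bound inside 127.0.0.0/8."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN_STATE[proto]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # IPv4 address is printed as a host-order word (little-endian assumed)
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        if ip.startswith("127."):
            found.add((proto, ip, int(hex_port, 16)))
    return sorted(found)


def audit(route_localnet, tcp_text, udp_text=""):
    """Pair the sysctl value with the loopback services that need an auth review."""
    listeners = loopback_listeners(tcp_text, "tcp") + loopback_listeners(udp_text, "udp")
    enabled = route_localnet.strip() == "1"
    return {"route_localnet": enabled, "review": listeners if enabled else []}


if __name__ == "__main__":
    def read(path, default=""):
        p = Path(path)
        return p.read_text() if p.exists() else default

    sysctl = read("/proc/sys/net/ipv4/conf/all/route_localnet", "0")
    live = audit(sysctl, read("/proc/net/tcp"), read("/proc/net/udp"))
    print("route_localnet=1:", live["route_localnet"])
    for proto, ip, port in live["review"]:
        print(f"review authentication for {proto} {ip}:{port}")
```

Only the "all" sysctl named in the item and IPv4 sockets are inspected; a listed service is a candidate for review, not proof that the node is unpatched.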


Last modified March 8, 2022 : mv en to kuberentes/ (95aa90d4)