2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
On August 6th, Kubernetes released three new patch versions to fix two recently discovered security vulnerabilities, CVE-2019-11247 and CVE-2019-11249. Rancher responded quickly and released Rancher v2.2.7 on August 7, which supports the newly released Kubernetes patch versions and includes fixes for Rancher's own recent CVEs, as well as new features and optimizations.
Kubernetes CVEs and fixed versions
The three new versions of Kubernetes are:
v1.13.9
v1.14.5
v1.15.2
The following vulnerabilities have been fixed in the new versions:
CVE-2019-11247:
This vulnerability could cause the API server to allow access to custom resources through an incorrect scope. Kubernetes versions affected by this vulnerability include:
Kubernetes 1.7.x-1.12.x
Kubernetes 1.13.0-1.13.8
Kubernetes 1.14.0-1.14.4
Kubernetes 1.15.0-1.15.1
CVE-2019-11249:
The fixes for CVE-2019-1002101 and CVE-2019-11246 were incomplete. This vulnerability could allow a malicious container to create or replace files on the client computer when the client runs a kubectl cp operation. Kubernetes versions affected by this vulnerability include:
Kubernetes 1.0.x-1.12.x
Kubernetes 1.13.0-1.13.8
Kubernetes 1.14.0-1.14.4
Kubernetes 1.15.0-1.15.1
For the security of your clusters, it is recommended that you upgrade all Kubernetes clusters to the newly released fixed versions. For more details on these CVEs, please see:
https://groups.google.com/forum/#!topic/kubernetes-security-announce/vUtEcSEY6SM
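To triage a fleet against the ranges above, the following added example (not code from Kubernetes or Rancher) maps each cluster's version to the CVEs that apply and to the fixed release on the same minor line. The cluster names and versions are constructed, and comparing vendor-suffixed builds by their upstream base version is an assumption, since a distribution may backport fixes.

```python
import re

# Ranges and fixed releases as listed in the advisory text above.
FIRST_AFFECTED_MINOR = {"CVE-2019-11247": 7, "CVE-2019-11249": 0}
FIXED_PATCH = {13: 9, 14: 5, 15: 2}  # v1.13.9, v1.14.5, v1.15.2
LAST_LISTED_MINOR = 15

def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v1.14.3-build.7'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Kubernetes version: {text!r}")
    return tuple(int(g) for g in m.groups())

def affected_cves(version):
    """CVEs from this advisory that apply to an upstream version string."""
    major, minor, patch = parse_version(version)
    if major != 1 or minor > LAST_LISTED_MINOR:
        return []  # not in any range the advisory lists
    if minor in FIXED_PATCH and patch >= FIXED_PATCH[minor]:
        return []  # already on a fixed patch release
    return sorted(c for c, first in FIRST_AFFECTED_MINOR.items() if minor >= first)

def fixed_release(version):
    """Fixed release on the same minor line, or None when the advisory names
    no fix for that line (1.12.x and older must move to a newer minor)."""
    _, minor, _ = parse_version(version)
    patch = FIXED_PATCH.get(minor)
    return f"v1.{minor}.{patch}" if patch is not None else None

def triage(inventory):
    """Map cluster name -> (affected CVEs, same-line fixed release)."""
    return {name: (affected_cves(v), fixed_release(v))
            for name, v in inventory.items() if affected_cves(v)}

# Constructed inventory; cluster names and versions are made up.
SAMPLE_INVENTORY = {
    "prod-east": "v1.14.4",
    "prod-west": "v1.14.5",
    "legacy": "v1.6.13",
    "staging": "v1.13.8-build.7",
    "dev": "v1.15.2",
}

if __name__ == "__main__":
    for name, (cves, target) in triage(SAMPLE_INVENTORY).items():
        print(name, ", ".join(cves), "->", target or "move to a patched minor line")
```
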
Rancher 2.2.7 release
Today, Rancher Labs released a new version of Rancher v2.2.7, which supports patches released by Kubernetes on August 6th (v1.13.9, v1.14.5, v1.15.2). At the same time, Rancher v2.2.7 also fixes recently discovered security vulnerabilities CVE-2019-14435 and CVE-2019-14436.
Currently, the Latest and Stable versions of Rancher are as follows:
At the same time, Rancher Labs officially released v2.1.12, which is available to users who have not yet upgraded to Rancher 2.2.x. This version of Rancher currently supports only Kubernetes v1.13.9.
In addition, Rancher v2.2.7 and v2.1.12 fix two CVEs recently discovered in Rancher:
CVE-2019-14435: with this vulnerability, authenticated users may be able to extract otherwise private data from IPs reachable by the system service containers used by Rancher, including, but not limited to, services such as cloud provider metadata services. Although Rancher lets users configure whitelisted domains for system service access, malicious users can still exploit this flaw through carefully crafted HTTP requests. This vulnerability was discovered and reported by Matt Belisle and Alex Stevenson of Workiva.
CVE-2019-14436: with this vulnerability, members with only the "Project owner" role (or even lower-privileged members who can edit role bindings) can grant themselves higher, cluster-level roles, thereby gaining permission to manage the cluster. This vulnerability was discovered and reported by Nokia's Michal Lipinski.
Please note:
Rancher 1.6.x users are not affected by these two Kubernetes security vulnerabilities, because Rancher 1.6.x does not support the Kubernetes versions affected by them.
For users of Rancher 2.0.x:
Like Rancher 1.6.x, Rancher 2.0.x does not support the Kubernetes versions above, so it is not affected by the two Kubernetes security vulnerabilities.
With regard to the two Rancher vulnerabilities: as shown on the Rancher Terms of Service page, Rancher 2.0.x is currently in the EOM-to-EOL support phase of its product life cycle. Rancher therefore has no plans to release a v2.0.x patch to fix CVE-2019-14435 and CVE-2019-14436. Enterprise subscription customers of Rancher who have special circumstances and need these two vulnerabilities fixed in v2.0.x should contact Rancher's technical support team. Alternatively, upgrade Rancher to the latest version before the v2.0.x EOL date (November 1, 2019).
Features and optimizations
Added support for Docker 19.03
Added the ability to set the S3 backup path
Download and upgrade
You can go to the Rancher GitHub home page to read the full Rancher 2.2.7 release notes, download the latest version, or learn more about upgrading and rolling back.
GitHub link:
https://github.com/rancher/rancher/releases