Addressing Kubernetes CVE-2018-1002105


#1

As @ibuildthecloud was the one to report the vulnerability to Kubernetes, Rancher has already put a fix in place to mitigate the vulnerability when accessing Kubernetes clusters through Rancher. This is available in Rancher v2.1.2.

Since Kubernetes has fixed this in official releases, the team is working on getting these updated Kubernetes versions into a patch release. We are working on release patches for 2.1.x, 2.0.x and 1.6.x and will be making these available ASAP.

The following Rancher-launched Kubernetes clusters will be fixed:

In Rancher 2.1.3, we will update to Kubernetes v1.10.11, v1.11.5, and v1.12.3.
In Rancher 2.0.9, we will update to Kubernetes v1.10.11 and v1.11.5.
In Rancher 1.6.25, we will update to Kubernetes v1.11.5.

We will be releasing announcements on these releases as soon as they are available.


#2