Kubernetes/dnsmasq Security Advisory: CVE-2017-14491

The dnsmasq vulnerability CVE-2017-14491 requires upgrade to a patched version of Kubernetes.

Google’s security team has published vulnerabilities relating to dnsmasq. In Kubernetes environments, dnsmasq runs as part of kube-dns. We’re providing updates to the kubernetes system template in order to upgrade dnsmasq and mitigate the associated risks involved. We recommend upgrading your Kubernetes environments to a patched version as soon as possible. Here are the latest Kubernetes versions containing the fix:

  • For Rancher v1.6 users, please upgrade to Kubernetes v1.7.7-rancher1.

Note: If you are running Rancher v1.6.5 or lower, you will need to upgrade to a Rancher v1.6.6 or greater to get the latest Kubernetes version.

  • For Rancher v1.5 users, please upgrade to Kubernetes v1.5.8-rancher1-1

More information on the CVE’s found, see the google announcement here:

1 Like