The dnsmasq vulnerability CVE-2017-14491 requires upgrade to a patched version of Kubernetes.
Google’s security team has published vulnerabilities relating to dnsmasq. In Kubernetes environments, dnsmasq runs as part of kube-dns. We’re providing updates to the kubernetes system template in order to upgrade dnsmasq and mitigate the associated risks involved. We recommend upgrading your Kubernetes environments to a patched version as soon as possible. Here are the latest Kubernetes versions containing the fix:
- For Rancher v1.6 users, please upgrade to Kubernetes
v1.7.7-rancher1.
Note: If you are running Rancher v1.6.5 or lower, you will need to upgrade to a Rancher v1.6.6 or greater to get the latest Kubernetes version.
- For Rancher v1.5 users, please upgrade to Kubernetes
v1.5.8-rancher1-1
More information on the CVE’s found, see the google announcement here: