Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigating CVE-2019-11245 in hail's k8s cluster #6679

Closed
danking opened this issue Jul 18, 2019 · 4 comments
Closed

Mitigating CVE-2019-11245 in hail's k8s cluster #6679

danking opened this issue Jul 18, 2019 · 4 comments
Assignees
@danking

Comments

@danking
Copy link
Contributor

danking commented Jul 18, 2019

#6678 addresses this vulnerability in our notebook service.

A long term fix is to upgrade to a version of k8s where this vulnerability is fixed. 1.13.7 is available and I believe it addresses this vulnerability. We should do this as well.
@danking danking self-assigned this Jul 18, 2019
@danking
Copy link
Contributor Author

danking commented Jul 18, 2019

related: kubernetes/kubernetes#78308

@danking
Copy link
Contributor Author

danking commented Jul 18, 2019

Definitely resolved in 1.13.7, confirmed by kubernetes/kubernetes#78308

@akotlar akotlar mentioned this issue Jul 18, 2019
Closed
@danking
Copy link
Contributor Author

danking commented Jul 18, 2019

Upgrading to 1.13.7 now.

@danking
Copy link
Contributor Author

danking commented Jul 19, 2019

Resolved by upgrade and mitigations. Created #6693 to track the more general issue of containers (non-buggily) running as root in our cluster.

@danking danking closed this as completed Jul 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danking danking

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danking