Bug#929225: kubernetes: CVE-2018-1002100

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Bug#929225: kubernetes: CVE-2018-1002100

Salvatore Bonaccorso-4
Source: kubernetes
Version: 1.7.16+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/kubernetes/kubernetes/issues/61297


The following vulnerability was published for kubernetes.

| In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to
| version 1.9.6, the kubectl cp command insecurely handles tar data
| returned from the container, and can be caused to overwrite arbitrary
| local files.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1002100
[1] https://github.com/kubernetes/kubernetes/issues/61297