Uploaded image for project: 'ONAP Operations Manager'
  1. ONAP Operations Manager
  2. OOM-1539

CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections · Issue #71411 · kubernetes/kubernetes · GitHub

    XMLWordPrintable

Details

    • Casablanca-3.0.1 (12/01-01/29)

    Description

      K8S issue:

      https://github.com/kubernetes/kubernetes/issues/71411

      Casablanca recommendations are :

      https://onap.readthedocs.io/en/casablanca/guides/onap-developer/settingup/index.html#requirements

       i.e. 1.11.2

      It seems there is a fix for this in 1.11.5 (a minor upgrade)

       Verified via LOG-895

      upgrade from 1.6.22 to 1.6.25 to move to kubernetes 1.11.3/1.11.5

      Kubernetes 1.11.5 (server only) in Rancher 1.6.25 has the same fix as kubernetes 1.12.3 for https://github.com/kubernetes/kubernetes/issues/71411

       

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. LOG-325 CD: Kubernetes Automated Provisioning Rancher Script - for Ubuntu 16 VMs

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Sub-task - The sub-task of the issue MSB-278 upgrade to helm 2.9.1 - follow OOM-1299

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OOM-1299 SPIKE: Determine versions of Kubernetes and Helm to use in Casablanca

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. OOM-1496 Update K8s and Helm for Dublin Release

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OOM-1499 Update Dublin OOM user guide with Helm/K8s versions

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Task - A task that needs to be done. OOM-1511 Dublin: Upgrade/Align with Integration on Rancher 1.6.22 up from 1.6.18 - raises K8S to 1.11 from 1.10 - spike post OOM-1299

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Sub-task - The sub-task of the issue OOM-1545 OOM Installation scripts

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Task - A task that needs to be done. TSC-25 Task Force to implement CD (Continuous Deployment)

          • High - Severely impaired functionality. Erratic performance and reduced system availability. It may cause major components or features of the system to be unavailable although certain parts of the system remain functional. A workaround may exist but its use is unsatisfactory or at a high time cost (manual intervention required). Must be fixed in any of the upcoming builds and should be included in the current release.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DOC-368 Rancher upgrade from 1.6.22 to 1.6.25 pushes kubernetes to 1.11.5

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. LOG-895 Upgrade Rancher to 1.6.25 to address CVE-2018-1002105 and move to Kubernetes 1.11.5 (server side)

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. TSC-75 CVE security governance of deployment undercloud (Docker, Kubernetes, Helm, Rancher) - propose new CLM job

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed
          mentioned in

          Page Loading...

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              melliott Mike Elliott
              Katel34 Catherine Lefevre
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: