Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-12-21 17:12:56 |
(Déjà vu) GCP-2022-021 (lien direct) |
Published: 2022-10-27Updated: 2022-12-15Description
Description
Severity
Notes
2022-12-15 Update: Updated information that version 1.21.14-gke.9400 of Google Kubernetes Engine is pending rollout and may be superseded by a higher version number. 2022-11-22 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
High
CVE-2022-3176
|
Vulnerability
Guideline
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
GCP-2022-014 (lien direct) |
Published: 2022-04-26 Updated: 2022-11-22Description
Description
Severity
Notes
2022-11-22 Update: GKE Autopilot clusters and workloads running in GKE Sandbox are unaffected. 2022-05-12 Update: The Anthos clusters on AWS and Anthos on Azure versions have been updated. For instructions and more details, see the:Anthos clusters on AWS security bulletin
Anthos on bare metal security bulletin
Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the following security bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
High
CVE-2022-1055 CVE-2022-27666
|
Guideline
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
GCP-2022-002 (lien direct) |
Published:Updated:Description
Description
Severity
Notes
2022-02-25 Update: The GKE versions have been updated. For instructions and more details, see the: GKE security bulletin 2022-02-23 Update: The GKE and Anthos clusters on VMware versions have been updated. For instructions and more details, see the: GKE security bulletin
Anthos clusters on VMware security bulletin 2022-02-04 Update: The rollout start date for GKE patch versions was February 2. Note: Your clusters might not have these versions available immediately. Rollouts began on February 2 and take four or more business days to be completed across all Google Cloud zones. Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure. Pods using GKE Sandbox are not vulnerable to these vulnerabilities. See the COS release notes for more details. For instructions and more details, see the: GKE security bulletin
Anthos clusters on VMware security bulletin
High
CVE-2021-4154
CVE-2021-22600
CVE-2022-0185
|
Guideline
|
Uber
|
★★★
|