www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-14T01:28:38+00:00 www.secnews.physaphae.fr Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-030 2023-10-10T17:37:33+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-030 www.secnews.physaphae.fr/article.php?IdArticle=8393870 False Vulnerability Uber None Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-026 Bulletin de sécurité gke clusters anthos sur le bulletin de sécurité VMware grappes anthos sur le bulletin de sécurité AWS anthos sur le bulletin de sécurité azur anthos sur le bulletin de sécurité en métal nu High CVE-2023-3676 , CVE-2023-3955 , cve-2023-3893
Published: 2023-09-06Description Description Severity Notes Three vulnerabilities (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) have been discovered in Kubernetes where a user that can create Pods on Windows nodes may be able to escalate to admin privileges on those nodes. These vulnerabilities affect the Windows versions of Kubelet and the Kubernetes CSI proxy. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2023-3676, CVE-2023-3955, CVE-2023-3893 ]]> 2023-09-06T17:35:09+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-026 www.secnews.physaphae.fr/article.php?IdArticle=8379787 False Vulnerability Uber 2.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-018 2023-06-27T14:55:00+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-018 www.secnews.physaphae.fr/article.php?IdArticle=8349769 True Vulnerability Uber 2.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-017 2023-06-26T18:49:48+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-017 www.secnews.physaphae.fr/article.php?IdArticle=8349433 False Vulnerability Uber 2.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-014 2023-06-15T19:06:42+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-014 www.secnews.physaphae.fr/article.php?IdArticle=8345868 False None Uber 2.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-013 GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin Medium CVE-2022-23648 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-013 www.secnews.physaphae.fr/article.php?IdArticle=8296089 False Vulnerability Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-021 A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-3176 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-021 www.secnews.physaphae.fr/article.php?IdArticle=8296081 True Vulnerability,Guideline Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-011 There is a misconfiguration with Simultaneous Multi-Threading (SMT), also known as Hyper-threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see GKE Sandbox documentation). We do not recommend using the following affected versions: 1.22.4-gke.1501 1.22.6-gke.300 1.23.2-gke.300 1.23.3-gke.600 For instructions and more details, see the: GKE security bulletin. Medium ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-011 www.secnews.physaphae.fr/article.php?IdArticle=8296091 False None Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-012 GKE Sandbox are unaffected.
A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later) Anthos clusters on VMware v1.10 for Container-Optimized OS images Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu Managed clusters of Anthos on Azure v1.21 which use Ubuntu For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-0847 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-012 www.secnews.physaphae.fr/article.php?IdArticle=8296090 True Vulnerability Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-017 GKE Sandbox are not affected by these vulnerabilities.
2022-07-21 Update: additional information on Anthos clusters on VMware.
A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1786 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-017 www.secnews.physaphae.fr/article.php?IdArticle=8296085 True Vulnerability Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-014 GKE Sandbox are unaffected.
2022-05-12 Update: The Anthos clusters on AWS and Anthos on Azure versions have been updated. For instructions and more details, see the:Anthos clusters on AWS security bulletin Anthos on bare metal security bulletin
Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1055 CVE-2022-27666 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-014 www.secnews.physaphae.fr/article.php?IdArticle=8296088 False Guideline Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-002 GKE security bulletin 2022-02-23 Update: The GKE and Anthos clusters on VMware versions have been updated. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin
2022-02-04 Update: The rollout start date for GKE patch versions was February 2. Note: Your clusters might not have these versions available immediately. Rollouts began on February 2 and take four or more business days to be completed across all Google Cloud zones.
Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure. Pods using GKE Sandbox are not vulnerable to these vulnerabilities. See the COS release notes for more details. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin High CVE-2021-4154 CVE-2021-22600 CVE-2022-0185 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-002 www.secnews.physaphae.fr/article.php?IdArticle=8296099 False Guideline Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2021-021 GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on bare metal security bulletin Medium CVE-2020-8561 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2021-021 www.secnews.physaphae.fr/article.php?IdArticle=8296103 False None Uber 3.0000000000000000