All posts tagged “security”

An admission plugin security vulnerability related to PodSecurityPolicies was patched with the release of Kubernetes v1.5.5. This vulnerability could allow users to make use of any PodSecurityPolicies object, including those they are not authorized to use.

Am I affected by this vulnerability?

This vulnerability only affects Kubernetes v1.5.0-1.5.4 and, more specifically, installations that do all of the following:

A critical security bug has been found and fixed in Kubernetes TLS client authentication. This vulnerability affects Kubernetes v1.4.2 and older, and has been fixed in Kubernetes v1.4.3 and higher.

Identifying Affected Systems

To determine if a Kubernetes cluster is currently running a vulnerable version, run:

Update 2 (May 19): Read the post-mortem blog post dissecting this vulnerability and the CoreOS response

Update 1 (May 16 04:28 PDT): 99% of affected hosts have been updated

Clair, by CoreOS

Four months ago, CoreOS launched an

This week Go 1.5.3 was released to address a security vulnerability. CoreOS Linux itself and the CoreOS products shipped with it are not affected by this issue. Users of etcd and dex on other operating systems should take action.

At CoreOS, running containers securely is a number one priority. We recently landed a number of features that are helping make CoreOS Linux a trusted and even more secure place to run containers. As of the 808.0.0 release, CoreOS Linux is tightly integrated with SELinux to enforce fine-grained permissions for applications. Building on top of these permissions, our container runtime, rkt, has gained support for SVirt in addition to a default SELinux policy.
