Bugzilla – Bug 1089654
VUL-0: CVE-2018-1002100: kubernetes: Kubectl copy doesn't check for paths outside of the destination directory
Last modified: 2018-07-18 09:12:25 UTC
When using kubectl to cp files to a pod, if the container returns a malformed tarfile with paths like '/some/remote/dir/../../../../tmp/foo', kubectl writes this to /tmp/foo instead of /some/local/dir/tmp/foo.

SUSE:SLE-12-SP3:Update:Products:CASP20:Update affected.

Reproduction is described in the test added in https://github.com/kubernetes/kubernetes/issues/61297

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1564305
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002100
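The defect described above is a classic tar path-traversal: the entry name is joined onto the local destination and the resulting path is written without checking that it still lies below that destination. The following Go program is an added illustration of the guard a tar extractor needs; it is not kubectl's code and not the upstream patch. It builds a constructed in-memory archive containing one benign entry and one entry that climbs out of the destination, then resolves every entry through a check that rejects anything outside the destination directory. Extraction is simulated in memory so nothing is written to disk. All function and type names (`SafeDestPath`, `ExtractGuarded`, `BuildSampleArchive`, `ExtractResult`) are this example's own.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned for a tar entry whose cleaned path would land
// outside the destination directory.
var ErrOutsideDest = errors.New("tar entry path escapes destination directory")

// SafeDestPath maps a tar entry name onto a path below destDir. Join cleans
// the result, so "../" segments are resolved here; the entry is then accepted
// only if the path relative to destDir does not start with "..".
// Illustrative check written for this example, not kubectl's own code.
func SafeDestPath(destDir, entryName string) (string, error) {
	cleanDest := filepath.Clean(destDir)
	target := filepath.Join(cleanDest, filepath.FromSlash(entryName))
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideDest, entryName)
	}
	return target, nil
}

// ExtractResult records what a guarded extraction would have written and
// which entries it refused.
type ExtractResult struct {
	Written map[string]string // destination path -> file content
	Skipped []string          // entry names rejected by SafeDestPath
}

// ExtractGuarded reads a tar stream and resolves each entry through
// SafeDestPath, collecting results in memory instead of touching the
// filesystem. Rejected entries are skipped; tar.Reader.Next discards
// their bodies for us.
func ExtractGuarded(destDir string, archive []byte) (*ExtractResult, error) {
	res := &ExtractResult{Written: map[string]string{}}
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return res, nil
		}
		if err != nil {
			return nil, err
		}
		target, err := SafeDestPath(destDir, hdr.Name)
		if errors.Is(err, ErrOutsideDest) {
			res.Skipped = append(res.Skipped, hdr.Name)
			continue
		}
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // directories, symlinks etc. are out of scope for this example
		}
		body, err := io.ReadAll(tr)
		if err != nil {
			return nil, err
		}
		res.Written[target] = string(body)
	}
}

// BuildSampleArchive constructs a tar stream of the shape the bug describes
// (constructed sample data): one ordinary file and one entry whose name
// climbs out of the destination directory.
func BuildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []struct{ name, body string }{
		{"hello.txt", "hello\n"},
		{"../../../../tmp/foo", "escaped\n"},
	}
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	res, err := ExtractGuarded("/some/local/dir", BuildSampleArchive())
	if err != nil {
		panic(err)
	}
	for p, body := range res.Written {
		fmt.Printf("write %s (%d bytes)\n", p, len(body))
	}
	for _, name := range res.Skipped {
		fmt.Printf("skip  %q: outside destination\n", name)
	}
}
```

Running it writes only /some/local/dir/hello.txt and reports the traversal entry as skipped. The check is done on the cleaned, joined path rather than on the raw entry name, so names such as `sub/../hello.txt` are still accepted (they resolve inside the destination) while any combination of `..` segments that resolves above it is refused; a relative destination like `.` works as well because the comparison uses `filepath.Rel` instead of a string prefix.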
fix for 1.9 https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08.patch
Created attachment 767609 [details]
tentative patch for 1.8

I could not test it properly but we can build the package to test it.
Unit tests on 1.8 patch were fine. Run as "make test WHAT=k8s.io/kubernetes/pkg/kubectl"
Created attachment 767616 [details]
patch for 1.9 (from upstream)
For kubernetes 1.9, this was fixed in version 1.9.5. See the changelog in: https://github.com/kubernetes/kubernetes/compare/v1.9.5...release-1.9. The commit is f180c96.

kubernetes in Factory is now 1.9.6. No need to update.
MR has been submitted for CaaSP 2.0: https://build.suse.de/request/show/162601
SUSE-SU-2018:1982-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1069469,1089654,1089991
CVE References: CVE-2018-1002100
Sources used:
SUSE CaaS Platform ALL (src): kubernetes-1.8.10-3.3.1
(In reply to Swamp Workflow Management from comment #11)
> SUSE-SU-2018:1982-1: An update that solves one vulnerability and has two
> fixes is now available.
>
> Category: security (moderate)
> Bug References: 1069469,1089654,1089991
> CVE References: CVE-2018-1002100
> Sources used:
> SUSE CaaS Platform ALL (src): kubernetes-1.8.10-3.3.1

Fix has been released. Closing.