--- This is a critical security advisory from VMware (VMSA) ---
Greetings from the VMware Security Response Center!
Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here:
This vulnerability affects the following VMware products:
-VMware Pivotal Container Service (PKS)
-VMware vCloud Director Container Service Extension (CSE)
-Photon OS
There will be no VMware Security Advisory since remediation for these products has already been documented in a separate advisory or the offering’s github page.
Remediation Information:
PKS – Fixed in 1.2.3
Documentation: https://docs.pivotal.io/runtimes/pks/1-2/release-notes.html
Advisory: https://pivotal.io/security/cve-2018-1002105
CSE – Fixed in 1.2.5
Documentation: https://vmware.github.io/container-service-extension/RELEASE_NOTES.html
Photon OS – Fixed in 1.10.11-1 and 1.11.5-1
Advisory: https://github.com/vmware/photon/wiki/Security-Updates-2-112
For our service offerings that use Kubernetes, mitigations are already in place which have closed down the critical severity attack vector associated with CVE-2018-1002105 while full remediation is in progress.
The post CVE-2018-1002105 appeared first on VMware Security & Compliance Blog.