How to handle vulnerability in AKS ip-masq-agent?

Tanul 1,281 Reputation points
2022-05-13T06:33:26.287+00:00

Team,

In case of vulnerability CVE-2019-12900 and CVE-2018-12886 in ip-masq-agent is it necessary to update the complete AKS cluster. Currently, our ip-masq-agent is on v2.5.0 which has these issues.

Kindly confirm as early as possible.

Thank you

Azure Container Registry
Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
467 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,196 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Sam Cogan 10,757 Reputation points MVP
    2022-05-13T22:38:57.42+00:00

    Updates to system images in AKS occur on a regular basis. To make sure you have the latest you should undertake a Node OS upgrade - this is not a full Kubernetes upgrade, just the Node OS version. You can do this with this command:

    az aks nodepool get-upgrades \  
        --nodepool-name mynodepool \  
        --cluster-name myAKSCluster \  
        --resource-group myResourceGroup  
    

    More details here


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.