How to handle vulnerability in AKS ip-masq-agent?

Tanul 1,251 Reputation points
2022-05-13T06:33:26.287+00:00

Team,

In case of vulnerability CVE-2019-12900 and CVE-2018-12886 in ip-masq-agent is it necessary to update the complete AKS cluster. Currently, our ip-masq-agent is on v2.5.0 which has these issues.

Kindly confirm as early as possible.

Thank you

Azure Container Registry
Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
382 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,852 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sam Cogan 10,082 Reputation points MVP
    2022-05-13T22:38:57.42+00:00

    Updates to system images in AKS occur on a regular basis. To make sure you have the latest you should undertake a Node OS upgrade - this is not a full Kubernetes upgrade, just the Node OS version. You can do this with this command: 

    az aks nodepool get-upgrades \  
    --nodepool-name mynodepool \  
    --cluster-name myAKSCluster \  
    --resource-group myResourceGroup

    More details here