question

TaB-8489 avatar image
0 Votes"
TaB-8489 asked TaB-8489 edited

How to handle vulnerability in AKS ip-masq-agent?

Team,

In case of vulnerability CVE-2019-12900 and CVE-2018-12886 in ip-masq-agent is it necessary to update the complete AKS cluster. Currently, our ip-masq-agent is on v2.5.0 which has these issues.

Kindly confirm as early as possible.

Thank you

azure-kubernetes-serviceazure-container-registry
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Sam-Cogan avatar image
0 Votes"
Sam-Cogan answered TaB-8489 commented

Updates to system images in AKS occur on a regular basis. To make sure you have the latest you should undertake a Node OS upgrade - this is not a full Kubernetes upgrade, just the Node OS version. You can do this with this command:

 az aks nodepool get-upgrades \
     --nodepool-name mynodepool \
     --cluster-name myAKSCluster \
     --resource-group myResourceGroup

More details here


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear @Sam-Cogan, Thank you so much for the reply. Will update them.. But do we have any docs available on msdn stating the vulnerabilities removed from the upgraded OS

0 Votes 0 ·