dnsmasq Kubernetes CVE 2017-144481
CVE 14491
Wanted to post about the CVE that was released on 10/2/2017.
From the kops advisory.
A vulnerability in dnsmasq, used by kube-dns, requires an upgrade to the kube-dns component. This component is the default DNS component installed in Kubernetes. The vulnerability may be externally exploitable.
The advisory in the kops repository include instructions for upgrading with kops, when the kops release is cut, and hot-fix instructions. Running one kubectl command is how I like to patch a CVE. K8s for the win!