2:10 p.m.
On 2019-12-24 17:35, Grimmett, Tim@FTB wrote:
When will Podman project be providing a fix for
CVE-2019-11244<https://nvd.nist.gov/vuln/detail/CVE-2019-11244> related to
Kubernetes v1.8.x-v1.14.x vulnerability?
See - https://github.com/kubernetes/kubernetes/issues/76676
Thank you in advance for your quick reply.
______________________________________________________________________
CONFIDENTIALITY NOTICE: This email from the State of California is for the sole use of the
intended recipient and may contain confidential and privileged information. Any
unauthorized review or use, including disclosure or distribution, is prohibited. If you
are not the intended recipient, please contact the sender and destroy all copies of this
email.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
Hi,
I do not believe this vulnerability applies to Podman. Podman is not
intended to be used with Kubernetes; for a container runtime to use
with Kube, you may want to investigate CRI-O.
Furthermore, it appears that this vulnerability only impacts the
`kubectl` command, and does not appear to extend beyond Kubernetes.
I do not believe that a fix to this issue requires changes to anything
beyond Kubernetes, so Podman and CRI-O should not require changes to
resolve the CVE; an update to Kubernetes alone should be sufficient to
address it.
Thanks,
Matthew Heon