Date: Thu, 14 Jan 2016 22:55:48 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for Kubernetes api server: patch operation should use patched object to check admission control

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> CVE request for Kubernetes api server: patch operation should use patched
> object to check admission control
> 
> https://github.com/kubernetes/kubernetes/issues/19479

>> https://github.com/kubernetes/kubernetes/pull/19481

>> This changes the patch implementation to call the admission chain with
>> an Update using the patched object as the input. This allows all the
>> correct defaulters and field authorizer to run as expected.

> TL;DR:  you can patch your resources and they'll always be allowed, so more
> ram, disk, etc. CWE-285

Use CVE-2016-1905.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
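
Added example, not part of the original message and not Kubernetes code: a toy Go model of the issue in the quoted text, with a patch handler whose admission check never sees the patched object beside one that admits the patched object as an Update. `Pod`, `Admit`, `PatchUnchecked`, `PatchAsUpdate` and the memory limit are hypothetical names, and running admission on the stored object is an assumption about the flawed path.

```go
package main

import (
	"errors"
	"fmt"
)

// Pod is a toy resource; MemoryMiB stands in for any field admission control limits.
type Pod struct {
	MemoryMiB int
}

// Admit is a hypothetical admission plugin: reject objects above a namespace limit.
func Admit(obj Pod, limitMiB int) error {
	if obj.MemoryMiB > limitMiB {
		return errors.New("admission denied: memory above limit")
	}
	return nil
}

// applyPatch merges the patch into a copy of the stored object (nil leaves the field as is).
func applyPatch(stored Pod, memoryMiB *int) Pod {
	if memoryMiB != nil {
		stored.MemoryMiB = *memoryMiB
	}
	return stored
}

// PatchUnchecked models the flaw (assumed form): admission sees the stored object only.
func PatchUnchecked(stored Pod, memoryMiB *int, limitMiB int) (Pod, error) {
	if err := Admit(stored, limitMiB); err != nil {
		return stored, err
	}
	return applyPatch(stored, memoryMiB), nil
}

// PatchAsUpdate models the fix: build the patched object, then admit it as an Update.
func PatchAsUpdate(stored Pod, memoryMiB *int, limitMiB int) (Pod, error) {
	patched := applyPatch(stored, memoryMiB)
	if err := Admit(patched, limitMiB); err != nil {
		return stored, err // rejected: the stored object stays unchanged
	}
	return patched, nil
}

func main() {
	want := 4096 // constructed sample: stored pod at 256 MiB, limit 512 MiB
	fmt.Println(PatchUnchecked(Pod{MemoryMiB: 256}, &want, 512))
	fmt.Println(PatchAsUpdate(Pod{MemoryMiB: 256}, &want, 512))
}
```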
