Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Thibaut Rouffineau
on 4 December 2018

Canonical publishes auto-apply vulnerability patch for Kubernetes


Charmed distribution of Kubernetes clusters auto-apply vulnerability patches for CVE-2018-1002105

On December 3 2018,  the Kubernetes project disclosed a security vulnerability in all versions of its popular container orchestration software. The vulnerability, CVE-2018-1002105, exists in the Kubernetes API server, and allows an attacker to send arbitrary requests to backend cluster services, such as kubelets. The flaw effectively allows any user to gain full administrator privileges on any compute node in the cluster. Worse still, it is nearly impossible to detect whether the security hole has been exploited.

Patches have been released to fix the security flaw in all supported versions of Kubernetes, and are available in versions 1.10.11, 1.11.5, and 1.12.3. Although some non-upgrade mitigations are possible, they are likely to be disruptive, and the Kubernetes team strongly recommends upgrading to one of the patched versions listed above.

For users of the Charmed Distribution of Kubernetes (CDK), updating to the patched versions requires no manual intervention. As of December 4 2018 in the morning, CDK clusters running any supported version (1.10.x, 1.11.x, 1.12.x) will begin to receive and apply the patches automatically, thanks to the auto-updating nature of snap packages. For CDK users running versions older than 1.10, Canonical recommends upgrading to a supported version as soon as possible.

Related posts


Marcin "Perk" Stożek
14 March 2024

How should a great K8s distro feel? Try the new Canonical Kubernetes, now in beta

Kubernetes Article

Try the new Canonical Kubernetes beta, our new distribution that combines ZeroOps for small clusters and intelligent automation for larger production environments that also want to benefit from the latest community innovations ...


Karen Horovitz
18 March 2024

Canonical accelerates AI Application Development with NVIDIA AI Enterprise

Kubernetes Article

Charmed Kubernetes support comes to NVIDIA AI Enterprise Canonical’s Charmed Kubernetes is now supported on NVIDIA AI Enterprise 5.0. Organisations using Kubernetes deployments on Ubuntu can look forward to a seamless licensing migration to the latest release of the NVIDIA AI Enterprise software platform providing developers the latest AI ...


Marcin "Perk" Stożek
14 December 2023

Canonical Kubernetes 1.29 is now generally available

Kubernetes Article

A new upstream Kubernetes release, 1.29, is generally available, with significant new features and bugfixes. Canonical closely follows upstream development, harmonising our releases to deliver timely and up-to-date enhancements backed by our commitment to security and support – which means that MicroK8s 1.29 is now generally available as ...