Azure Kubernetes Service updates for Linux Kernel (SACK) vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

["Jeroschewski Sven Erik (INST-CSS/BSV-OS1)" <SvenErik.Jeroschewski@xxxxxxxxxxxx>]

Title: Azure CXP Service Notification

Dear Eclipse Kuksa Developers,

 

We plan to update the Kubernetes cluster for the Appstacle/Kuksa cloud in Azure this afternoon (23^rd June 19). During the time of the update there may be a short downtime. Please let us know, if experience any issues with the hosted Eclipse Kuksa services cluster in the next days.

 

The main reason for the update are vulnerabilities in the Linux Kernel as announced by Microsoft. For more details see the attached announcement below.

 

Mit freundlichen Grüßen / Best regards

Sven Erik Jeroschewski

Open Source Services - Product Group Customer Success Services (INST-CSS/BSV-OS)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-416 | Mobil +49 152 24308225 | SvenErik.Jeroschewski@xxxxxxxxxxxx

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic

 

Action Required: Patched kernels for your AKS cluster(s) are available. Please apply available patches.                                                                                                                                                                                                                                                                      

 

Azure Kubernetes Service updates for Linux Kernel (SACK) vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) You’re receiving this email because you currently use Microsoft Azure Kubernetes Service. On Monday June 17th, security researchers announced 3 critical security issues impacting the Linux kernel. These are: ·     CVE-2019-11477: SACK Panic ·     CVE-2019-11478: SACK Slowness ·     CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values These CVEs have been patched by all major Linux vendors. This means your clusters must be updated to mitigate these security issues. All Azure Kubernetes Service (AKS) customers running unpatched kernels are potentially vulnerable to these security issues. We recommend all customers verify the running kernel and take action if required to apply these updates. Canonical issued updated, patched kernels and these updated kernels were made available to the AKS customer base as of 2019-06-19. AKS clusters using the default configuration were patched as of the automatic update on 2019-06-20 00:00 UTC; however, users must reboot their clusters for the patch to take effect. Customers with clusters created before Friday, June 28, 2019 should confirm their nodes are updated.

 

Confirming if you are impacted: Execute the command kubectl get nodes -o wide. In the output you will see the running kernel under the KERNEL-VERSION header. Example: KERNEL VERSION 4.15.0-1049-azure 4.15.0-1049-azure If you see a kernel version lower than 4.15.0-1049, you will need to reboot the nodes using one of these methods. For all information and updates, see our guidance on Github. If you have questions, please contact us.

 

 

This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participates in. Microsoft respects your privacy. Please read our Privacy Statement. This is a mandatory service communication. To set your contact preferences for other communications, visit the Promotional Communications Manager . Microsoft Corporation, One Microsoft Way, Redmond, WA 98052