Kubernetes v1.24.17 is live!

356 views
Skip to first unread message

Marko Mudrinić

unread,
Aug 24, 2023, 7:29:36 PM8/24/23
to kubernetes-announce, dev
Kubernetes Community,

Kubernetes v1.24.17 has been built and pushed using Golang version 1.20.7.

The release notes have been updated in CHANGELOG-1.24.md, with a pointer to them on GitHub:

v1.24.17

Downloads for v1.24.17

Source Code

filename sha512 hash
kubernetes.tar.gz 728f3ef58c34b337671dd3650b7daf98a6ef3cd2861fc975c1346453285d21f93197cac4d797158db73d4cda578152a17e9de5c235a94f11619e9d498cd4caba
kubernetes-src.tar.gz 04fc46392483515f9eccbf6991637a28fa5068a30808e72545f741a399aaf1a5960384b9730f6f1edcb5e226004af89498f57d85c89f03dd35b1ecde203c16e7

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 09374af750a0bbc839844a9e70ac3e8f7572dfd4fbb10c13a3b13d6ff2012790afb0b92dac2bf52882fe822ae3de7c4d65a0b64f17c74ca1d12c88657fed3f7b
kubernetes-client-darwin-arm64.tar.gz aa0edb3433d140d8bdf6d1ebc9028d2e4084909573035fa4246f9fee29fd835d0b4f8c504308f2b604558aa15742a0052d5913b2f1e11d0b4d675e334bdac4c4
kubernetes-client-linux-386.tar.gz 9f447e245d74708b460de2a2835a19dd3cfb051d3edd83bf5beb5456a5d9ae2f8c5ca969e3ec91f98e39338634d40a783dfd144b81f0a9f089de5ac86d332c1b
kubernetes-client-linux-amd64.tar.gz 7a8d578f3b1644c5a469c2e137e9287fb7349818512006b106d9feee38959b32808c4fa0ef31526131da688015db0b8c4a85392c68b92d323f5d47b0775553aa
kubernetes-client-linux-arm.tar.gz f1d9bb52e4ab97fae3a1ff61b2128b535f735ea4cbde75514e10cdcb88936f4bbb2968583ca693b24cc804befed72d8a7cd27add0bf3fde833889ec19c7bff55
kubernetes-client-linux-arm64.tar.gz 6dd3fbf702dda815eff37d576cf3628610068f8b453f497ea6f44d7e4371dde3da2c2e6e2a9b3f859e63586fa91bb312c5d7885b7bead5568769ad15c649d8ed
kubernetes-client-linux-ppc64le.tar.gz 44376b751fa7f3ee3122937e7b72fd5c1f027e0d84ed49537016d16ae58fb7e2b0c922ab55655fba16b07a46821a85f20b11f4c94480ca83acd618ca97ea9bd6
kubernetes-client-linux-s390x.tar.gz ec1f533f744ac351172c8f4fd182975bec91cc4d54d0d5494e7d36ab6bf7d4f4260292db1abdaef153a7486659224c6274bc8b1b934d69ec005c4e7bec570dbd
kubernetes-client-windows-386.tar.gz dc5643893bc1db7178aa51ba429dfb90f140255ace0dfe70f80a57c55e78bbefc78d535dbe9809b1f08baccd087d01b0c0dc3b681110bf4ff2f061aaba6f6fab
kubernetes-client-windows-amd64.tar.gz a3aaff26d62000f2c7ac018f57882698f51bdb073eb3c1c63165d8d9f0f8963685a874b55fc3a963d55378016fb6d1d553254dfd9f4508312f953b0307862b73
kubernetes-client-windows-arm64.tar.gz 69d9feb3645152d015985b534f4e938fef92ea50f9aef53d90699d8bef9969b52c81c4e4c0a95e969551d2b16cfecdae1533f7f17c482b102b2658af75dba85e

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 617aae6612a3eccf39dec4132cfb84cedbb0a39120551b34ff4680b33ad08912ac5d952442d19c1e8679d8a9ab0e77f3e286543f119710f88fab5839cc476e8b
kubernetes-server-linux-arm.tar.gz 1c8968a72c2c0d423ae578a46ed198316e77b8953156a657a42b989ca4bbb77a921426729284e1f5a2eb9787baff245a17e33be7188b1d4309ce6a54da39bd21
kubernetes-server-linux-arm64.tar.gz 0dfe13318219488ad6efa6f7adcdd2ed784f840532ac5b3b15558a903f1d82a10517dc80f0251ad42ce701707f0897184a2fae3bf003f5f98b3cd0891e34d351
kubernetes-server-linux-ppc64le.tar.gz 88fddd72bea7bdc1113882c0a05df924b40d9712e1b0d0c179bf9e7879e571a520ba90915f1eb0bbe2938d24c78ed3cea255304d1f58739b9290ede4cc90ef9d
kubernetes-server-linux-s390x.tar.gz 05cffc241e6ac5ab07e79336edd1df3b131b6aceb6aed151a9877093782095349ec611277a417c5bcad95299eb7576a2e2ffb32bc19c24b775aa030e4c232164

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz f3b2de4c84ef90958a51b3efbbe224d9ddb2a067b5a7e0311b7febfd2b0c722ed4fa8b71b6328708edef935f16ff991e257a242c95b1cae678d3ab8b2ceff4cd
kubernetes-node-linux-arm.tar.gz 4d589e4f29d7a14f68a177573545cfd33213efab3393374f638571c738dca2e50a1f2f8864294a275c549c1ed3eff3ee0542d01f520eed63b4c2e74cba5ec095
kubernetes-node-linux-arm64.tar.gz 126e95ed8654f7a21500e06c12f69f87fda7a4e09603e0168373e566c434d28abe25470ceec35f84e5c3f34fcb71f94bb912233f44b0874f1a363a90ae874a10
kubernetes-node-linux-ppc64le.tar.gz ecb6fdfac624b15c8b46120bcd07a2f58bde5f71592556a63ee3257fcc18340ea8adf47e5ba1622b8c12b349b7159f7707cbbbc1d80867e487635a7cd0431b17
kubernetes-node-linux-s390x.tar.gz f4458ecf9c56ae2003c3affd94aa3eb483edb79b2a06aa0331a2c77b26dedd7a256e8ad01b68288f4630d3ce7652bb9b4fbcb5f659925b008f09eb89059137a7
kubernetes-node-windows-amd64.tar.gz 35a66defea0464cdc3582b35cf96676c6526635051af29cbcd290ec0999efac77f8297230f0eb9dbccd81869bc5204b6cdd417aae677697dba493ff352f38372

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.24.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.24.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.24.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.24.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.24.17 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.24.16

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions:

  • kubelet <= v1.28.0
  • kubelet <= v1.27.4
  • kubelet <= v1.26.7
  • kubelet <= v1.25.12
  • kubelet <= v1.24.16

Fixed Versions:

  • kubelet v1.28.1
  • kubelet v1.27.5
  • kubelet v1.26.8
  • kubelet v1.25.13
  • kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92

CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions:

  • kubelet <= v1.28.0
  • kubelet <= v1.27.4
  • kubelet <= v1.26.7
  • kubelet <= v1.25.12
  • kubelet <= v1.24.16

Fixed Versions:

  • kubelet v1.28.1
  • kubelet v1.27.5
  • kubelet v1.26.8
  • kubelet v1.25.13
  • kubelet v1.24.17

This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)

CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Changes by Kind

Feature

  • Kubernetes is now built with Go 1.20.7 (#119837, @jeremyrickard) [SIG Apps, Cloud Provider, Node, Release, Storage and Testing]

Bug or Regression

  • Fixed a bug where clusters that use KMS v1 with skewed API servers on versions v1.24 and v1.25 would see internal errors when attempting to read encrypted data via the v1.24 API servers. (#119387, @enj) [SIG API Machinery and Auth]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.


Contributors, the CHANGELOG-1.24.md has been bootstrapped with v1.24.17 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages