Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access


Red Hat Product Security

Nov 30, 2021, 4:53:53 AM
to kubernetes-sec...@googlegroups.com, distributo...@kubernetes.io, kubernete...@googlegroups.com, kubernetes-se...@googlegroups.com, kubernetes+a...@discoursemail.com, kuberne...@googlegroups.com

Hello!

INC1912628 ([Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access) has been resolved.

Opened for: distributo...@kubernetes.io
Followers: kubernete...@googlegroups.com, kuberne...@googlegroups.com, kubernetes-sec...@googlegroups.com, kubernetes-se...@googlegroups.com, distributo...@kubernetes.io, kubernetes+a...@discoursemail.com

Dhananjay Arunesh updated your request with the following comments:

Hi Cullen,
 
This is an update to your reported issue.
 
The reported issue is a duplicate of the below CVE.
CVE-2021-25741 kubernetes: Symlink exchange can allow host filesystem access
 
Please use the below link[0] for more information.
--
Best Regards,
Dhananjay Arunesh / Red Hat Product Security

How can I track and update my request?

We want to make sure we have provided you with a complete resolution.

Please review the resolution detail and let us know whether you are all set by approving the resolution.

Thank you,
Product Security

 
Ref:MSG50366828

Max Shavrick

Dec 1, 2021, 6:44:59 PM
to distributors-a...@kubernetes.io, kubernetes-sec...@googlegroups.com, distributo...@kubernetes.io, kubernete...@googlegroups.com, kubernetes-se...@googlegroups.com, kubernetes+a...@discoursemail.com, kuberne...@googlegroups.com, Lisa Olson, Sarah Cooley

@Lisa Olson we have a CVE from the Kubernetes security group here. Can you help @Sarah and me kick off the process of documenting this to our customers, so they are aware that we are providing a fix for it? 😊

 

Thank you

Max


Lisa Olson

Dec 6, 2021, 2:40:12 PM
to Max Shavrick, distributors-a...@kubernetes.io, kubernetes-sec...@googlegroups.com, distributo...@kubernetes.io, kubernete...@googlegroups.com, kubernetes-se...@googlegroups.com, kubernetes+a...@discoursemail.com, kuberne...@googlegroups.com, Sarah Cooley, Security Release Crew

Hi Max,

Sorry, I was out last week. I understand that you are including an updated Open Source library that includes the fix for this vulnerability. Is that correct?

What products are being updated?  What are the new version numbers?  When will the new versions be released?

Based on this, we can come up with a plan to document this in the Security Update Guide.

Lisa
