This repository has been archived by the owner on Apr 7, 2020. It is now read-only.

Black list SCTP protocol for alicloud (CVE-2019-3874) #34

Merged
merged 1 commit into from
Mar 29, 2019


marwinski
Contributor

@marwinski marwinski commented Mar 27, 2019

What this PR does / why we need it:

DO NOT SUBMIT, NOT TESTED

This PR is a workaround for CVE-2019-3874. It disables the SCTP protocol on all nodes.

Which issue(s) this PR fixes:

Special notes for your reviewer:
This is not yet tested due to the lack of testing environment for Alicloud (or failure to set up a working environment). It was migrated from #33 which tested ok.

Release note:

The CoreOS Container Linux (Alicloud-modified) controller does now disable the SCTP protocol on all nodes (as a workaround for CVE-2019-3874).

@marwinski marwinski requested a review from a team as a code owner March 27, 2019 16:24
@jia-jerry
Contributor

@marwinski, I did a test with your configuration and sctp.conf is written successfully. Do we need a further test?

@marwinski marwinski force-pushed the blacklist-sctp-coreos-alicloud branch from a67413c to 781aa4b Compare March 28, 2019 10:21
@marwinski marwinski requested a review from rfranzke March 28, 2019 10:21
@rfranzke rfranzke added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Mar 29, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Mar 29, 2019
@rfranzke rfranzke added area/security Security related exp/expert Issue that requires expert level knowledge kind/enhancement Enhancement, improvement, extension priority/normal Standard backlog priority, that can be worked on now or later reviewed/lgtm Has approval for merging size/xs A few minutes of work or very small change (usually trivial or cosmetic) status/accepted Issue was accepted as something we need to work on topology/shoot Affects Shoot clusters and removed needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Mar 29, 2019
Contributor

@rfranzke rfranzke left a comment


/lgtm

@rfranzke rfranzke merged commit 6e981b4 into master Mar 29, 2019
@rfranzke rfranzke deleted the blacklist-sctp-coreos-alicloud branch March 29, 2019 07:45