Skip to content

add Windows firewall rule to block 168.63.129.16:80 for cve-2021-27075#694

Merged
k8s-ci-robot merged 1 commit intokubernetes-sigs:masterfrom
devigned:fix-cve-2021-27075-win
Sep 21, 2021
Merged

add Windows firewall rule to block 168.63.129.16:80 for cve-2021-27075#694
k8s-ci-robot merged 1 commit intokubernetes-sigs:masterfrom
devigned:fix-cve-2021-27075-win

Conversation

@devigned
Copy link
Contributor

@devigned devigned commented Sep 14, 2021

What this PR does / why we need it:

This PR explicitly ensures that TCP traffic bound for the reserved Azure IP 168.63.129.16 via TCP on port 80 is dropped to remediate https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27075 on Windows nodes.

Additional context
Related to: #690

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 14, 2021
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 14, 2021
@devigned
Copy link
Contributor Author

devigned commented Sep 15, 2021

/retest

@devigned
Copy link
Contributor Author

devigned commented Sep 15, 2021

/hold

I'm adding a goss verifier.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2021
@devigned devigned force-pushed the fix-cve-2021-27075-win branch 3 times, most recently from 39547c5 to ae89a3b Compare September 15, 2021 18:09
@devigned
Copy link
Contributor Author

devigned commented Sep 15, 2021

/retest

@devigned devigned force-pushed the fix-cve-2021-27075-win branch 6 times, most recently from 46bff98 to 9b38e13 Compare September 16, 2021 20:48
@devigned devigned force-pushed the fix-cve-2021-27075-win branch from 9b38e13 to 74fa4c6 Compare September 16, 2021 21:26
@devigned
Copy link
Contributor Author

devigned commented Sep 16, 2021

/hold cancel

/assign @CecileRobertMichon @codenrhoden

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 16, 2021
@codenrhoden
Copy link
Contributor

codenrhoden commented Sep 17, 2021

/lgtm

Makes me realize we didn't add a GOSS verification for this on Linux, but since this PR is focused on Windows that seems out of scope.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 17, 2021
@devigned
Copy link
Contributor Author

devigned commented Sep 17, 2021

/lgtm

Makes me realize we didn't add a GOSS verification for this on Linux, but since this PR is focused on Windows that seems out of scope.

I’m happy to open another pr to add the Linux test. Def should have added one.

@jsturtevant
Copy link
Contributor

jsturtevant commented Sep 21, 2021

/lgtm
/approve

@CecileRobertMichon
Copy link
Contributor

CecileRobertMichon commented Sep 21, 2021

/approve

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Sep 21, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CecileRobertMichon, devigned, jsturtevant

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 21, 2021
@k8s-ci-robot k8s-ci-robot merged commit abaf94b into kubernetes-sigs:master Sep 21, 2021
@jsturtevant jsturtevant mentioned this pull request Oct 12, 2021
Merged
@marosset marosset mentioned this pull request Feb 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@figo figo Awaiting requested review from figo

@moshloop moshloop Awaiting requested review from moshloop

Assignees

@jsturtevant jsturtevant

@codenrhoden codenrhoden

@CecileRobertMichon CecileRobertMichon

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@devigned @codenrhoden @jsturtevant @CecileRobertMichon @k8s-ci-robot

Comments