AWS-2019-006

AWS-2019-006 PUBLISHED

July 02, 2019 2:00 PM PDT

CVE Identifier: CVE-2019-11246

AWS is aware of a security issue (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a user were to run an untrusted container containing a malicious version of the tar command and execute the kubectl cp operation, the kubectl binary unpacking the tar file could overwrite or create files on a user's workstation.

AWS customers should refrain from using untrusted containers. If customers use an untrusted container and use the kubectl tool to manage their Kubernetes clusters, they should refrain from running the kubectl cp command using the affected versions and update to the latest kubectl version.

Updating Kubectl

AWS currently vends kubectl for customers to download in the EKS service S3 bucket, as well as shipping the binary in our managed AMI.

  • 1.10.x: Versions of kubectl vended by AWS 1.10.13 or earlier are affected. We recommend that you update to kubectl version 1.11.10.
  • 1.11.x: Versions of kubectl vended by AWS 1.11.9 or earlier are affected. We recommend that you update to kubectl version 1.11.10.
  • 1.12.x: Versions of kubectl v…

Timeline

  • Jul 2, 2019 CVE Published