GKE on Bare Metal 1.28.100-gke.146 is now available for download
Share
Services
## Feature
### Release 1.28.100-gke.146
GKE on Bare Metal 1.28.100-gke.146 is now available for [download](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/downloads). To upgrade, see [Upgrade clusters](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/how-to/upgrade). GKE on Bare Metal 1.28.100-gke.146 runs on Kubernetes 1.28.
## Security
### Security bulletin (all minor versions)
A security vulnerability, [CVE-2024-21626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626), has been discovered in `runc` where a user with permission to create Pods might be able to gain full access to the node filesystem.
For instructions and more details, see the [GCP-2024-005](https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2024-005) security bulletin.
## Fix
**Fixes:**
Fixed a rootless permission issue on file `/var/lib/audit.log` in 1.28.100, which might block control plane node upgrades.
The following container image security vulnerabilities have been fixed in 1.28.100-gke.146:
* Critical container vulnerabilities:
* [CVE-2023-39320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39320)
* High-severity container vulnerabilities:
* [CVE-2021-41617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617)
* [CVE-2023-5869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5869)
* [CVE-2023-27533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533)
* [CVE-2023-29491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491)
* [CVE-2023-39321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321)
* [CVE-2023-39322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322)
* [CVE-2023-39417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39417)
* Medium-severity container vulnerabilities:
* [CVE-2023-5156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5156)
* [CVE-2023-5868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5868)
* [CVE-2023-5870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5870)
* [CVE-2023-25165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25165)
* [CVE-2023-27535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535)
* [CVE-2023-27536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536)
* [CVE-2023-27538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538)
* [CVE-2023-28321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321)
* [CVE-2023-36054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054)
* [CVE-2023-51385](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385)
* [GHSA-rm8v-mxj3-5rmq](https://github.com/advisories/GHSA-rm8v-mxj3-5rmq)
* Low-severity container vulnerabilities:
* [CVE-2022-48522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522)
* [CVE-2023-4527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527)
* [CVE-2023-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911)
* [CVE-2023-27534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534)
* [CVE-2023-28322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322)
* [CVE-2023-38545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545)
* [CVE-2023-38546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546)
## Issue
**Known issues:**
For information about the latest known issues, see [GKE on Bare Metal known issues](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/troubleshooting/known-issues) in the Troubleshooting section.
What else is happening at Google Cloud Platform?
The CPU allocation setting has been renamed to Billing in the Google Cloud console for Cloud Run services
December 13th, 2024
Services
Share
Google Kubernetes Engine (GKE) - December 13th, 2024 [Feature]
December 13th, 2024
Services
Share