
Security: Two problems in cri-o
Name: Two problems in cri-o
ID: SUSE-SU-2018:4020-1
Distribution: SUSE
Platforms: SUSE CaaS Platform 3.0
Date: Sat, 8 December 2018, 00:54
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
Applications: cri-o

Original message

   SUSE Security Update: Security update for cri-o and kubernetes packages
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4020-1
Rating: important
References: #1084765 #1095131 #1108195 #1111341 #1112967
#1112980 #1114645 #1116933 #1118198
Cross-References: CVE-2016-8859 CVE-2018-1002105
Affected Products:
SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that solves two vulnerabilities and has 7 fixes
is now available.

Description:

This update provides fixes for kubernetes, kubernetes-salt, cri-o, and
caasp-container-manifests:

- VUL-0: kubernetes: proxy request handling in kube-apiserver can leave
vulnerable TCP connections (bsc#1118198)
- Error in Velum when applying the k8s 1.10.8 on CRI-O cluster
(bsc#1116933)
- Update regexp for SUSE images (bsc#1111341)
- Require kubernetes-kubelet for kubeadm (bsc#1084765)
- Move deprecated flags to kubelet config.yaml (bsc#1114645)
- Update to k8s 1.10.x (bsc#1114645)
- Fix kubelet failing to get device for dir "/var/lib/kubelet
(bsc#1095131)
- Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd
and the upstream unit file. (bsc#1112980)
- Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix
for (CVE-2016-8859)
- Add a whitelist for returned events so we only save events that we care
about (bsc#1112967)
- Aggregation layer needs configuration (bsc#1108195)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE CaaS Platform 3.0:

To install this update, use the SUSE CaaS Platform Velum dashboard.
It will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.



Package List:

- SUSE CaaS Platform 3.0 (noarch):

caasp-container-manifests-3.0.0+git_r291_33f7b2d-3.6.3
kubernetes-salt-3.0.0+git_r888_7af7095-3.33.2

- SUSE CaaS Platform 3.0 (x86_64):

cri-o-1.10.6-4.8.5
cri-tools-1.0.0beta2-3.3.3
kubernetes-client-1.10.11-4.8.2
kubernetes-common-1.10.11-4.8.2
kubernetes-kubelet-1.10.11-4.8.2
kubernetes-master-1.10.11-4.8.2
kubernetes-node-1.10.11-4.8.2


References:

https://www.suse.com/security/cve/CVE-2016-8859.html
https://www.suse.com/security/cve/CVE-2018-1002105.html
https://bugzilla.suse.com/1084765
https://bugzilla.suse.com/1095131
https://bugzilla.suse.com/1108195
https://bugzilla.suse.com/1111341
https://bugzilla.suse.com/1112967
https://bugzilla.suse.com/1112980
https://bugzilla.suse.com/1114645
https://bugzilla.suse.com/1116933
https://bugzilla.suse.com/1118198

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates