SUSE-SU-2018:4020-1: important: Security update for cri-o and kubernetes packages

sle-security-updates at sle-security-updates at
Fri Dec 7 10:24:57 MST 2018

   SUSE Security Update: Security update for cri-o and kubernetes packages

Announcement ID:    SUSE-SU-2018:4020-1
Rating:             important
References:         #1084765 #1095131 #1108195 #1111341 #1112967 
                    #1112980 #1114645 #1116933 #1118198 
Cross-References:   CVE-2016-8859 CVE-2018-1002105
Affected Products:
                    SUSE CaaS Platform 3.0

   An update that solves two vulnerabilities and has 7 fixes
   is now available.


   This update provide fixes for kubernetes, kubernetes-salt, cri-o, and

   - VUL-0: kubernetes: proxy request handling in kube-apiserver can leave
     vulnerable TCP connections (bsc#1118198)
   - Error in Velum when applying the k8s 1.10.8 on CRI-O cluster
   - Update regexp for SUSE images  (bsc#1111341)
   - Require kubernetes-kubelet for kubeadm (bsc#1084765)
   - Move deprecated flags to kubelet config.yaml (bsc#1114645)
   - Update to k8s 1.10.x (bsc#1114645)
   - Fix kubelet failing to get device for dir "/var/lib/kubelet (bsc#1095131)
   - Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd
     and the upstream unit file. (bsc#1112980)
   - Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix
     for (CVE-2016-8859)
   - Add a whitelist for returned events so we only save events that we care
     about (bsc#1112967)
   - Aggregation layer needs configuration (bsc#1108195)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE CaaS Platform 3.0 (noarch):


   - SUSE CaaS Platform 3.0 (x86_64):



More information about the sle-security-updates mailing list