SUSE-SU-2018:4218-1: important: Security update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Dec 21 10:09:53 MST 2018


   SUSE Security Update: Security update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4218-1
Rating:             important
References:         #1118897 #1118898 #1118899 
Cross-References:   CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
                   
Affected Products:
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This update for buildah, caasp-cli, caasp-dex, cni-plugins,
   container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic,
   docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic,
   helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc,
   skopeo, umoci fixes the following issues:

   - Require golang = 1.10 to fix:
     * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution
       during "go get -u"
     * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go
       get" via curly braces in import paths
     * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE CaaS Platform 3.0 (x86_64):

      caasp-cli-3.0.0+20180515.git_r38_7843d12-3.3.1
      cni-plugins-0.6.0-4.3.1
      container-feeder-3.0.0+20181105.git_r90_c54fd18-3.9.1
      containerd-kubic-0.2.9+gitr706_06b9cb351610-5.3.1
      containerd-kubic-debuginfo-0.2.9+gitr706_06b9cb351610-5.3.1
      containerd-kubic-debugsource-0.2.9+gitr706_06b9cb351610-5.3.1
      cri-o-1.10.6-4.11.1
      cri-tools-1.0.0beta2-3.6.1
      docker-kubic-17.09.1_ce-7.3.1
      docker-kubic-debuginfo-17.09.1_ce-7.3.1
      docker-kubic-debugsource-17.09.1_ce-7.3.1
      docker-libnetwork-kubic-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1
      docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1
      docker-runc-kubic-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1
      docker-runc-kubic-debuginfo-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1
      docker-runc-kubic-debugsource-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1
      etcd-3.3.1-3.3.1
      etcdctl-3.3.1-3.3.1
      golang-github-docker-libnetwork-kubic-debugsource-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1
      helm-2.8.2-3.3.1
      kubernetes-client-1.10.11-4.11.1
      kubernetes-common-1.10.11-4.11.1
      kubernetes-kubelet-1.10.11-4.11.1
      kubernetes-master-1.10.11-4.11.1
      kubernetes-node-1.10.11-4.11.1
      libcontainers-storage-0+git26204-3.3.1
      podman-0.8.5-3.6.1
      runc-1.0.0~rc5-3.3.1
      runc-debuginfo-1.0.0~rc5-3.3.1
      runc-debugsource-1.0.0~rc5-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-16873.html
   https://www.suse.com/security/cve/CVE-2018-16874.html
   https://www.suse.com/security/cve/CVE-2018-16875.html
   https://bugzilla.suse.com/1118897
   https://bugzilla.suse.com/1118898
   https://bugzilla.suse.com/1118899



More information about the sle-security-updates mailing list