SUSE-SU-2020:3761-1: important: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Dec 11 10:15:25 MST 2020
SUSE Security Update: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3761-1
Rating: important
References: #1172270 #1173055 #1173165 #1174219 #1174951
#1175352 #1176225 #1176578 #1176903 #1176904
#1177361 #1177362 #1177660 #1177661 #1178785
Cross-References: CVE-2020-15106 CVE-2020-8029 CVE-2020-8564
CVE-2020-8565
Affected Products:
SUSE CaaS Platform 4.5
______________________________________________________________________________
An update that solves four vulnerabilities and has 11 fixes
is now available.
Description:
== Kubernetes & etcd (Security fixes)
This fix involves an upgrade of Kubernetes and some add-ons. See
https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd
ates.html#_updating_kubernetes_components for the upgrade procedure.
== Skuba (Security fixes) & helm3 becomes the default helm
In order to update skuba and helm or helm 3, you need to update the
management workstation. See detailed instructions at
https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd
ates.html#_update_management_workstation
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE CaaS Platform 4.5:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE CaaS Platform 4.5 (aarch64 x86_64):
caasp-release-4.5.2-1.8.2
cri-o-1.18-1.18.4-4.3.2
cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2
etcdctl-3.4.13-3.3.1
helm2-2.16.12-3.3.1
helm3-3.3.3-3.8.1
kubernetes-1.18-kubeadm-1.18.10-4.3.1
kubernetes-1.18-kubelet-1.18.10-4.3.1
patterns-caasp-Management-4.5-3.3.1
skuba-2.1.11-3.10.1
velero-1.4.2-3.3.1
- SUSE CaaS Platform 4.5 (noarch):
skuba-update-2.1.11-3.10.1
References:
https://www.suse.com/security/cve/CVE-2020-15106.html
https://www.suse.com/security/cve/CVE-2020-8029.html
https://www.suse.com/security/cve/CVE-2020-8564.html
https://www.suse.com/security/cve/CVE-2020-8565.html
https://bugzilla.suse.com/1172270
https://bugzilla.suse.com/1173055
https://bugzilla.suse.com/1173165
https://bugzilla.suse.com/1174219
https://bugzilla.suse.com/1174951
https://bugzilla.suse.com/1175352
https://bugzilla.suse.com/1176225
https://bugzilla.suse.com/1176578
https://bugzilla.suse.com/1176903
https://bugzilla.suse.com/1176904
https://bugzilla.suse.com/1177361
https://bugzilla.suse.com/1177362
https://bugzilla.suse.com/1177660
https://bugzilla.suse.com/1177661
https://bugzilla.suse.com/1178785
More information about the sle-security-updates
mailing list