SUSE-SU-2020:3760-1: moderate: Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Dec 11 10:17:47 MST 2020
SUSE Security Update: Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3760-1
Rating: moderate
References: #1174219 #1174951 #1176752 #1176753 #1176754
#1176755 #1177661 #1177662
Cross-References: CVE-2020-15106 CVE-2020-15112 CVE-2020-15184
CVE-2020-15185 CVE-2020-15186 CVE-2020-15187
CVE-2020-8565 CVE-2020-8566
Affected Products:
SUSE Linux Enterprise Module for Containers 15-SP1
SUSE CaaS Platform 4.0
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
= Required Actions
== Kubernetes & etcd (Security fixes)
This fix involves an upgrade of Kubernetes and some add-ons. See
https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd
ates.html#_updating_kubernetes_components for the upgrade procedure.
== Skuba & helm/helm3
In order to update skuba and helm or helm 3, you need to update the
management workstation. See detailed instructions at
https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd
ates.html#_update_management_workstation
= Known Issues
Modifying the file `/etc/sysconfig/kubelet` directly is not supported:
documentation at
https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_miscellaneo
us.html#_configuring_kubelet
Be sure to check the Release Notes at
https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_4
for any additional known issues or behavioral changes.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Containers 15-SP1:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-3760=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Module for Containers 15-SP1 (x86_64):
kubernetes-client-1.17.13-4.21.2
kubernetes-common-1.17.13-4.21.2
- SUSE CaaS Platform 4.0 (x86_64):
caasp-release-4.2.4-24.36.1
cri-o-1.16.1-3.37.3
cri-o-kubeadm-criconfig-1.16.1-3.37.3
etcdctl-3.4.13-4.15.1
helm-2.16.12-3.10.1
kubernetes-client-1.17.13-4.21.2
kubernetes-common-1.17.13-4.21.2
kubernetes-kubeadm-1.17.13-4.21.2
kubernetes-kubelet-1.17.13-4.21.2
skuba-1.4.11-3.49.2
terraform-provider-aws-2.59.0-1.6.1
- SUSE CaaS Platform 4.0 (noarch):
skuba-update-1.4.11-3.49.2
References:
https://www.suse.com/security/cve/CVE-2020-15106.html
https://www.suse.com/security/cve/CVE-2020-15112.html
https://www.suse.com/security/cve/CVE-2020-15184.html
https://www.suse.com/security/cve/CVE-2020-15185.html
https://www.suse.com/security/cve/CVE-2020-15186.html
https://www.suse.com/security/cve/CVE-2020-15187.html
https://www.suse.com/security/cve/CVE-2020-8565.html
https://www.suse.com/security/cve/CVE-2020-8566.html
https://bugzilla.suse.com/1174219
https://bugzilla.suse.com/1174951
https://bugzilla.suse.com/1176752
https://bugzilla.suse.com/1176753
https://bugzilla.suse.com/1176754
https://bugzilla.suse.com/1176755
https://bugzilla.suse.com/1177661
https://bugzilla.suse.com/1177662
More information about the sle-security-updates
mailing list