Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 40 Kubernetes Update: Resolves Policy Bypass in ServiceAccount

fedora
Calendar Grey April 25, 2024
Dist Fedora Esm H88
Kubernetes upgraded to v1.29.4 on Fedora 40, addressing a policy evasion vulnerability and correcting various bugs.
Update Kubernetes to v1.29.4 for Fedora 40

Summary

Open Source Production-Grade Container Scheduling And Management Platform

Installs kubelet, the kubernetes agent on each machine in a

cluster. The kubernetes-client sub-package,

containing kubectl, is recommended but not strictly required.

The kubernetes-client sub-package should be installed on

control plane machines.

Update Information:

Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. Additional bug and regression fixes include a bump to Golang.org/x/net to v0.23.0 to address CVE-2023-45288 .

Topics%20covered

Topics Covered

security advisory Fedora bug fix security fix policy bypass Kubernetes ServiceAccount

Change Log

* Tue Apr 16 2024 Bradley G Smith - 1.29.4-1 - Update to v1.29.4

References

Fedora Update Notification FEDORA-2024-ce2eefc399 2024-04-25 00:59:19.184672 Name : kubernetes Product : Fedora 40 Version : 1.29.4 Release : 1.fc40 URL : https://kubernetes.io/ Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Open Source Production-Grade Container Scheduling And Management Platform Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ce2eefc399' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: kubernetes
Product: Fedora 40
Version: 1.29.4
Release: 1.fc40
URL: https://kubernetes.io/
Summary: Open Source Production-Grade Container Scheduling And Management Platform

Topics%20covered

Topics Covered

security advisory Fedora bug fix security fix policy bypass Kubernetes ServiceAccount

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here