Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

SUSE CaaS Platform 3.0: 2018:4020-1 Critical Security Fix For Kubernetes

suse
Calendar Grey December 7, 2018
Dist Suse Esm H88
SUSE has issued a Security Update addressing two vulnerabilities found in the cri-o and kubernetes packages, along with significant ratings and patch information.
An update that solves two vulnerabilities and has 7 fixes is now available

Summary

This update provide fixes for kubernetes, kubernetes-salt, cri-o, and caasp-container-manifests: - VUL-0: kubernetes: proxy request handling in kube-apiserver can leave vulnerable TCP connections (bsc#1118198) - Error in Velum when applying the k8s 1.10.8 on CRI-O cluster (bsc#1116933) - Update regexp for SUSE images (bsc#1111341) - Require kubernetes-kubelet for kubeadm (bsc#1084765) - Move deprecated flags to kubelet config.yaml (bsc#1114645) - Update to k8s 1.10.x (bsc#1114645) - Fix kubelet failing to get device for dir "/var/lib/kubelet (bsc#1095131) - Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd and the upstream unit file. (bsc#1112980) - Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for (CVE-2016-8859)

References

#1084765 #1095131 #1108195 #1111341 #1112967

#1112980 #1114645 #1116933 #1118198

Cross- CVE-2016-8859 CVE-2018-1002105

Affected Products:

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2016-8859.html

https://www.suse.com/security/cve/CVE-2018-1002105.html

https://bugzilla.suse.com/1084765

https://bugzilla.suse.com/1095131

https://bugzilla.suse.com/1108195

https://bugzilla.suse.com/1111341

https://bugzilla.suse.com/1112967

https://bugzilla.suse.com/1112980

https://bugzilla.suse.com/1114645

https://bugzilla.suse.com/1116933

https://bugzilla.suse.com/1118198

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4020-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.