Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE CaaS Platform 3.0: 2018:4218-1 Important: Multiple Threat Fixes

suse
Calendar Grey December 21, 2018
Dist Suse Esm H88
Important security patches released for various elements in SUSE CaaS Platform addressing critical vulnerabilities.
An update that fixes three vulnerabilities is now available

Summary

This update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci fixes the following issues: - Require golang = 1.10 to fix: * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1118897 #1118898 #1118899

Cross- CVE-2018-16873 CVE-2018-16874 CVE-2018-16875

Affected Products:

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2018-16873.html

https://www.suse.com/security/cve/CVE-2018-16874.html

https://www.suse.com/security/cve/CVE-2018-16875.html

https://bugzilla.suse.com/1118897

https://bugzilla.suse.com/1118898

https://bugzilla.suse.com/1118899

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4218-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here