SUSE CaaS Platform 3.0: SUSE-SU-2019:0330-1 Important: etcd Issues
suse
February 12, 2019
An update that solves two vulnerabilities and has one errata is now available
Summary
This update for etcd to version 3.3.11 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16886: Fixed an improper authentication issue when role-based access control (RBAC) was used and client-cert-auth were enabled. This allowed an remote attacker to authenticate as user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. (bsc#1121850) - CVE-2018-16873: Fixed an issue with the go get command, which allowed for remote code execution when being executed with the -u flag (bsc#1118897) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0:
References
#1095184 #1118897 #1121850
Cross- CVE-2018-16873 CVE-2018-16886
Affected Products:
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16886.html
https://bugzilla.suse.com/1095184
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1121850
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:0330-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!