SUSE: 2019:0416-1 important: velum
Summary
This update provides the following fixes: kubernetes-salt: - Force basename on the system certificate name to prevent path traversal (bsc#1121147) - CVE-2019-3682: Disable insecure port in kube-apiserver (bsc#1121148) - Insecure API port exposed to all Master Node guest containers (bsc#1121148) - Fixes included in this change: * bsc#1121146 - Kubernetes – Kubelet Service allows unauthenticated access to Kubelet API * bsc#1122439 - failed to parse bool none (bsc#1122439) * bsc#1123291 - CaasP 3.0 Update Admin node, worker and master failed * bsc#1123650 - ExperimentalCriticalPodAnnotation feature not enabled * bsc#1114832 - Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters velum: - Do not allow '.' or '/' symbols in system certificate names. (bsc#1121447) - Reverting ignore_vol_az option back to Velum CPI (bsc#1122439) - Adding LDAP support to Velum that will create the requisite org units in LDAP if they are missing sles12sp3-velum-image: - Release 3.1.9 to include a fix (bsc#1122439,bsc#1121447) docker-kubic: - Add daemon.json file with rotation logs configuration (bsc#1114832) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): docker-kubic-17.09.1_ce-7.6.1 docker-kubic-debuginfo-17.09.1_ce-7.6.1 docker-kubic-debugsource-17.09.1_ce-7.6.1 sles12-velum-image-3.1.9-3.33.4 - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r931_9cdca5a-3.47.1
References
#1114832 #1121146 #1121147 #1121148 #1121447
#1122439 #1123291 #1123650
Cross- CVE-2019-3682
Affected Products:
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2019-3682.html
https://bugzilla.suse.com/1114832
https://bugzilla.suse.com/1121146
https://bugzilla.suse.com/1121147
https://bugzilla.suse.com/1121148
https://bugzilla.suse.com/1121447
https://bugzilla.suse.com/1122439
https://bugzilla.suse.com/1123291
https://bugzilla.suse.com/1123650