SUSE: 2019:0537-1 Important: JSON Web Tokens Security Fix

March 2, 2019
SUSE Security Notice: Critical resolution for caasp-container-manifests, rubygem-json-jwt, alongside major security flaws.

An update that solves one vulnerability and has three fixes is now available.

Summary

This update for caasp-container-manifests, changelog-generator-data-sles12sp3-velum, kubernetes-salt, rubygem-aes_key_wrap, rubygem-json-jwt, sles12sp3-velum-image, velum provides the following fixes:

Security issue fixed in rubygem-json-jwt and velum:

- CVE-2018-1000539: Fixed an improper verification of cryptographic signatures during the decryption of JSON Web Tokens encrypted with AES-GCM, which could lead to a forged authentication tag. (bsc#1099243, bsc#1121166)

caasp-container-manifests:

- Disable the kubelet servers on the admin node. The admin node is not part of a k8s cluster, so enabling the endpoints for interaction by the user/api-server is not needed. Instead (only on the admin node) all

References

#1121145 #1121162 #1121165 #1121166

Cross-References: CVE-2018-1000539

Affected Products:

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2018-1000539.html

https://bugzilla.suse.com/1121145

https://bugzilla.suse.com/1121162

https://bugzilla.suse.com/1121165

https://bugzilla.suse.com/1121166

Severity
important

Announcement ID: SUSE-SU-2019:0537-1
Rating: important
