Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2019:2617-1 Moderate: Kubernetes HTTP/2 Flood Fix

suse
Calendar Grey October 8, 2019
Dist Suse Esm H88
SUSE Security Bulletin: Addresses vulnerabilities in HTTP/2 denial-of-service attacks within Kubernetes; advisory with moderate risk level is now accessible.
An update that fixes two vulnerabilities is now available

Summary

This update for kubernetes, patchinfo fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 reset flood vulnerability. (bsc#1147142) - CVE-2019-9514: Fixed HTTP/2 ping frame flood vulnerability. (bsc#1147142) Non-security issue fixed: - Added ipset package dependency for kube-proxy. (bsc#1131001) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64):

References

#1131001 #1147142

Cross- CVE-2019-9512 CVE-2019-9514

Affected Products:

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2019-9512.html

https://www.suse.com/security/cve/CVE-2019-9514.html

https://bugzilla.suse.com/1131001

https://bugzilla.suse.com/1147142

Announcement ID: SUSE-SU-2019:2617-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.