SUSE: 2020:3760-1 moderate: Security changes in Kubernetes, etcd, and helm; Bugfix in cri-
Summary
= Required Actions == Kubernetes & etcd (Security fixes) This fix involves an upgrade of Kubernetes and some add-ons. See ates.html#_updating_kubernetes_components for the upgrade procedure. == Skuba & helm/helm3 In order to update skuba and helm or helm 3, you need to update the management workstation. See detailed instructions at ates.html#_update_management_workstation = Known Issues Modifying the file `/etc/sysconfig/kubelet` directly is not supported: documentation at us.html#_configuring_kubelet Be sure to check the Release Notes at https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/index.html for any additional known issues or behavioral changes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-3760=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (x86_64): kubernetes-client-1.17.13-4.21.2 kubernetes-common-1.17.13-4.21.2 - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.2.4-24.36.1 cri-o-1.16.1-3.37.3 cri-o-kubeadm-criconfig-1.16.1-3.37.3 etcdctl-3.4.13-4.15.1 helm-2.16.12-3.10.1 kubernetes-client-1.17.13-4.21.2 kubernetes-common-1.17.13-4.21.2 kubernetes-kubeadm-1.17.13-4.21.2 kubernetes-kubelet-1.17.13-4.21.2 skuba-1.4.11-3.49.2 terraform-provider-aws-2.59.0-1.6.1 - SUSE CaaS Platform 4.0 (noarch): skuba-update-1.4.11-3.49.2
References
#1174219 #1174951 #1176752 #1176753 #1176754
#1176755 #1177661 #1177662
Cross- CVE-2020-15106 CVE-2020-15112 CVE-2020-15184
CVE-2020-15185 CVE-2020-15186 CVE-2020-15187
CVE-2020-8565 CVE-2020-8566
Affected Products:
SUSE Linux Enterprise Module for Containers 15-SP1
SUSE CaaS Platform 4.0
https://www.suse.com/security/cve/CVE-2020-15106.html
https://www.suse.com/security/cve/CVE-2020-15112.html
https://www.suse.com/security/cve/CVE-2020-15184.html
https://www.suse.com/security/cve/CVE-2020-15185.html
https://www.suse.com/security/cve/CVE-2020-15186.html
https://www.suse.com/security/cve/CVE-2020-15187.html
https://www.suse.com/security/cve/CVE-2020-8565.html
https://www.suse.com/security/cve/CVE-2020-8566.html
https://bugzilla.suse.com/1174219
https://bugzilla.suse.com/1174951
https://bugzilla.suse.com/1176752
https://bugzilla.suse.com/1176753
https://bugzilla.suse.com/1176754
https://bugzilla.suse.com/1176755
https://bugzilla.suse.com/1177661
https://bugzilla.suse.com/1177662