SUSE Security Update: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3761-1
Rating:             important
References:         #1172270 #1173055 #1173165 #1174219 #1174951 
                    #1175352 #1176225 #1176578 #1176903 #1176904 
                    #1177361 #1177362 #1177660 #1177661 #1178785 
                    
Cross-References:   CVE-2020-15106 CVE-2020-8029 CVE-2020-8564
                    CVE-2020-8565
Affected Products:
                    SUSE CaaS Platform 4.5
______________________________________________________________________________

   An update that solves four vulnerabilities and has 11 fixes
   is now available.

Description:


   == Kubernetes & etcd (Security fixes)

   This fix involves an upgrade of Kubernetes and some add-ons. See
   https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd
   ates.html#_updating_kubernetes_components for the upgrade procedure.

   == Skuba (Security fixes) & helm3 becomes the default helm

   In order to update skuba and helm or helm 3, you need to update the
   management workstation. See detailed instructions at
   https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd
   ates.html#_update_management_workstation


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 4.5:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE CaaS Platform 4.5 (aarch64 x86_64):

      caasp-release-4.5.2-1.8.2
      cri-o-1.18-1.18.4-4.3.2
      cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2
      etcdctl-3.4.13-3.3.1
      helm2-2.16.12-3.3.1
      helm3-3.3.3-3.8.1
      kubernetes-1.18-kubeadm-1.18.10-4.3.1
      kubernetes-1.18-kubelet-1.18.10-4.3.1
      patterns-caasp-Management-4.5-3.3.1
      skuba-2.1.11-3.10.1
      velero-1.4.2-3.3.1

   - SUSE CaaS Platform 4.5 (noarch):

      skuba-update-2.1.11-3.10.1


References:

   https://www.suse.com/security/cve/CVE-2020-15106.html
   https://www.suse.com/security/cve/CVE-2020-8029.html
   https://www.suse.com/security/cve/CVE-2020-8564.html
   https://www.suse.com/security/cve/CVE-2020-8565.html
   https://bugzilla.suse.com/1172270
   https://bugzilla.suse.com/1173055
   https://bugzilla.suse.com/1173165
   https://bugzilla.suse.com/1174219
   https://bugzilla.suse.com/1174951
   https://bugzilla.suse.com/1175352
   https://bugzilla.suse.com/1176225
   https://bugzilla.suse.com/1176578
   https://bugzilla.suse.com/1176903
   https://bugzilla.suse.com/1176904
   https://bugzilla.suse.com/1177361
   https://bugzilla.suse.com/1177362
   https://bugzilla.suse.com/1177660
   https://bugzilla.suse.com/1177661
   https://bugzilla.suse.com/1178785