SUSE Security Update: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3761-1
Rating:             important
References:         #1172270 #1173055 #1173165 #1174219 #1174951 
                    #1175352 #1176225 #1176578 #1176903 #1176904 
                    #1177361 #1177362 #1177660 #1177661 #1178785 
                    
Cross-References:   CVE-2020-15106 CVE-2020-8029 CVE-2020-8564
                    CVE-2020-8565
Affected Products:
                    SUSE CaaS Platform 4.5
______________________________________________________________________________

   An update that solves four vulnerabilities and has 11 fixes
   is now available.

Description:


   == Kubernetes & etcd (Security fixes)

   This fix involves an upgrade of Kubernetes and some add-ons. See
   https://documentation.suse.com:443/suse-caasp/4.5/
   ates.html#_updating_kubernetes_components for the upgrade procedure.

   == Skuba (Security fixes) & helm3 becomes the default helm

   In order to update skuba and helm or helm 3, you need to update the
   management workstation. See detailed instructions at
   https://documentation.suse.com:443/suse-caasp/4.5/
   ates.html#_update_management_workstation


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 4.5:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE CaaS Platform 4.5 (aarch64 x86_64):

      caasp-release-4.5.2-1.8.2
      cri-o-1.18-1.18.4-4.3.2
      cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2
      etcdctl-3.4.13-3.3.1
      helm2-2.16.12-3.3.1
      helm3-3.3.3-3.8.1
      kubernetes-1.18-kubeadm-1.18.10-4.3.1
      kubernetes-1.18-kubelet-1.18.10-4.3.1
      patterns-caasp-Management-4.5-3.3.1
      skuba-2.1.11-3.10.1
      velero-1.4.2-3.3.1

   - SUSE CaaS Platform 4.5 (noarch):

      skuba-update-2.1.11-3.10.1


References:

   https://www.suse.com/security/cve/CVE-2020-15106.html
   https://www.suse.com/security/cve/CVE-2020-8029.html
   https://www.suse.com/security/cve/CVE-2020-8564.html
   https://www.suse.com/security/cve/CVE-2020-8565.html
   https://bugzilla.suse.com/1172270
   https://bugzilla.suse.com/1173055
   https://bugzilla.suse.com/1173165
   https://bugzilla.suse.com/1174219
   https://bugzilla.suse.com/1174951
   https://bugzilla.suse.com/1175352
   https://bugzilla.suse.com/1176225
   https://bugzilla.suse.com/1176578
   https://bugzilla.suse.com/1176903
   https://bugzilla.suse.com/1176904
   https://bugzilla.suse.com/1177361
   https://bugzilla.suse.com/1177362
   https://bugzilla.suse.com/1177660
   https://bugzilla.suse.com/1177661
   https://bugzilla.suse.com/1178785

December 11, 2020