Explore top 10 tips to secure your open-source projects now. Read More
×An update that can now be installed.. # Security update for kubernetes Announcement ID: SUSE-SU-2026:2942-1 Release Date: 2026-07-14T06:10:19Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for kubernetes rebuilds it against the current go security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2942=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2942=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-1.35.4-150600.13.36.1 * kubernetes1.35-client-common-1.35.4-150600.13.36.1 * openSUSE Leap 15.6 (noarch) * kubernetes1.35-client-bash-completion-1.35.4-150600.13.36.1 * kubernetes1.35-client-fish-completion-1.35.4-150600.13.36.1 * Containers Module 15-SP7 (noarch) * kubernetes1.35-client-bash-completion-1.35.4-150600.13.36.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-1.35.4-150600.13.36.1 * kubernetes1.35-client-common-1.35.4-150600.13.36.1 . Critical update for kubernetes in openSUSE to address security issues enhancing system integrity and performance.. openSUSE Kubernetes security update, kubernetes patch management, important kubernetes updates. . Severity: Important. LinuxSecurity.com Team
Rebuild with newer golang toolchain. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e48c1b5f93 2026-07-10 01:05:32.166941+00:00 -------------------------------------------------------------------------------- Name : kind Product : Fedora 43 Version : 0.31.0 Release : 4.fc43 URL : https://github.com/kubernetes-sigs/kind Summary : Kubernetes IN Docker Description : Kubernetes IN Docker - local clusters for testing Kubernetes. -------------------------------------------------------------------------------- Update Information: Rebuild with newer golang toolchain -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 blinxen - 0.31.0-4 - Rebuild (rhbz#2494326) * Tue Feb 3 2026 Mikel Olasagasti Uranga - 0.31.0-3 - Use correct goipath * Tue Feb 3 2026 Maxwell G - 0.31.0-2 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e48c1b5f93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to release v1.35.6 Resolves: rhbz#2467606 Upstream fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0544eff1d8 2026-06-21 01:09:26.438232+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.35 Product : Fedora 43 Version : 1.35.6 Release : 1.fc43 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.35.6 Resolves: rhbz#2467606 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2026 Bradley G Smith - 1.35.6-1 - Update to release v1.35.6 - Resolves: rhbz#2467606 - Upstream fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467606 - CVE-2026-35469 kubernetes1.35: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467606 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0544eff1d8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubernetes1.27 Announcement ID: SUSE-SU-2026:2339-1 Release Date: 2026-06-10T13:14:18Z Rating: important References: * bsc#1251168 * bsc#1262271 * bsc#1265740 Cross-References: * CVE-2026-33814 * CVE-2026-35469 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubernetes1.27 fixes the following issues * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740). * CVE-2026-35469:github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2339=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2339=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2339=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2339=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2339=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2339=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2339=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2339=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2339=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.27-proxy-1.27.16-150400.9.21.1 * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-apiserver-1.27.16-150400.9.21.1 * kubernetes1.27-kubeadm-1.27.16-150400.9.21.1 * kubernetes1.27-kubelet-1.27.16-150400.9.21.1 * kubernetes1.27-scheduler-1.27.16-150400.9.21.1 * kubernetes1.27-kubelet-common-1.27.16-150400.9.21.1 * kubernetes1.27-controller-manager-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * openSUSE Leap 15.4 (noarch) *kubernetes1.27-client-fish-completion-1.27.16-150400.9.21.1 * kubernetes1.27-client-bash-completion-1.27.16-150400.9.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kubernetes1.27-client-1.27.16-150400.9.21.1 * kubernetes1.27-client-common-1.27.16-150400.9.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://bugzilla.suse.com/show_bug.cgi?id=1251168 * https://bugzilla.suse.com/show_bug.cgi?id=1262271 * https://bugzilla.suse.com/show_bug.cgi?id=1265740 . # Security update for kubernetes1.27 Announcement ID: SUSE-SU-2026:2339-1 Release Date: 2026-06-10T1. security,update, solves, vulnerabilities, installed. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for kubernetes Announcement ID: SUSE-SU-2026:2342-1 Release Date: 2026-06-10T13:15:04Z Rating: important References: * bsc#1262270 * bsc#1265748 Cross-References: * CVE-2026-33814 * CVE-2026-35469 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes fixes the following issues * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265748). * CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262270). Changes for kubernetes: * Update to version 1.35.4: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2342=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2342=1 ## Package List: * openSUSELeap 15.6 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-common-1.35.4-150600.13.34.1 * kubernetes1.35-client-1.35.4-150600.13.34.1 * openSUSE Leap 15.6 (noarch) * kubernetes1.35-client-bash-completion-1.35.4-150600.13.34.1 * kubernetes1.35-client-fish-completion-1.35.4-150600.13.34.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-common-1.35.4-150600.13.34.1 * kubernetes1.35-client-1.35.4-150600.13.34.1 * Containers Module 15-SP7 (noarch) * kubernetes1.35-client-bash-completion-1.35.4-150600.13.34.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://bugzilla.suse.com/show_bug.cgi?id=1262270 * https://bugzilla.suse.com/show_bug.cgi?id=1265748 . Important update for openSUSE addresses two critical security issues in Kubernetes. Install recommended patches now.. openSUSE Kubernetes security update vulnerabilities DenialOfService infiniteLoop. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2026:2343-1 Release Date: 2026-06-10T13:15:21Z Rating: important References: * bsc#1251168 * bsc#1262271 * bsc#1265740 Cross-References: * CVE-2026-33814 * CVE-2026-35469 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubernetes1.24 fixes the following issues * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740). * CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSELeap 15.5 zypper in -t patch SUSE-2026-2343=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2343=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2343=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2343=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2343=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-apiserver-1.24.17-150500.3.33.1 * kubernetes1.24-client-1.24.17-150500.3.33.1 * kubernetes1.24-kubeadm-1.24.17-150500.3.33.1 * kubernetes1.24-scheduler-1.24.17-150500.3.33.1 * kubernetes1.24-kubelet-common-1.24.17-150500.3.33.1 * kubernetes1.24-controller-manager-1.24.17-150500.3.33.1 * kubernetes1.24-kubelet-1.24.17-150500.3.33.1 * kubernetes1.24-proxy-1.24.17-150500.3.33.1 * kubernetes1.24-client-common-1.24.17-150500.3.33.1 * openSUSE Leap 15.5 (noarch) * kubernetes1.24-client-fish-completion-1.24.17-150500.3.33.1 * kubernetes1.24-client-bash-completion-1.24.17-150500.3.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * kubernetes1.24-client-common-1.24.17-150500.3.33.1 * kubernetes1.24-client-1.24.17-150500.3.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * kubernetes1.24-client-common-1.24.17-150500.3.33.1 * kubernetes1.24-client-1.24.17-150500.3.33.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.17-150500.3.33.1 * kubernetes1.24-client-1.24.17-150500.3.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * kubernetes1.24-client-common-1.24.17-150500.3.33.1 *kubernetes1.24-client-1.24.17-150500.3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://bugzilla.suse.com/show_bug.cgi?id=1251168 * https://bugzilla.suse.com/show_bug.cgi?id=1262271 * https://bugzilla.suse.com/show_bug.cgi?id=1265740 . # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2026:2343-1 Release Date: 2026-06-10T1. security, update, solves, vulnerabilities, installed. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubernetes1.28 Announcement ID: SUSE-SU-2026:2344-1 Release Date: 2026-06-10T13:16:04Z Rating: important References: * bsc#1251168 * bsc#1262271 * bsc#1265740 Cross-References: * CVE-2026-33814 * CVE-2026-35469 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubernetes1.28 fixes the following issues: Security fixes: * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740). *CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271). Other fixes: * Adding `Requires: diffutils` dependency to Kubernetes*-client package (bsc#1251168) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2344=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2344=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2344=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2344=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2344=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2344=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2344=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2344=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2344=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.28-proxy-1.28.13-150400.9.19.1 * kubernetes1.28-kubelet-1.28.13-150400.9.19.1 * kubernetes1.28-kubeadm-1.28.13-150400.9.19.1 * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * kubernetes1.28-apiserver-1.28.13-150400.9.19.1 * kubernetes1.28-kubelet-common-1.28.13-150400.9.19.1 * kubernetes1.28-scheduler-1.28.13-150400.9.19.1 * kubernetes1.28-controller-manager-1.28.13-150400.9.19.1 * openSUSE Leap 15.4 (noarch) * kubernetes1.28-client-bash-completion-1.28.13-150400.9.19.1 * kubernetes1.28-client-fish-completion-1.28.13-150400.9.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * kubernetes1.28-client-common-1.28.13-150400.9.19.1 * kubernetes1.28-client-1.28.13-150400.9.19.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://bugzilla.suse.com/show_bug.cgi?id=1251168 * https://bugzilla.suse.com/show_bug.cgi?id=1262271 * https://bugzilla.suse.com/show_bug.cgi?id=1265740 .Critical update for openSUSE Kubernetes resolves important security issues including denial of service threats.. openSUSE update,kubernetes security,security patch,threat mitigation,SUSE advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubernetes1.23 Announcement ID: SUSE-SU-2026:2315-1 Release Date: 2026-06-09T12:51:53Z Rating: important References: * bsc#1251168 * bsc#1262271 * bsc#1265740 Cross-References: * CVE-2026-33814 * CVE-2026-35469 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubernetes1.23 fixes the following issues * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740). * CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSELeap 15.3 zypper in -t patch SUSE-2026-2315=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2315=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2315=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2315=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2315=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-kubeadm-1.23.17-150300.7.17.1 * kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1 * kubernetes1.23-controller-manager-1.23.17-150300.7.17.1 * kubernetes1.23-apiserver-1.23.17-150300.7.17.1 * kubernetes1.23-client-common-1.23.17-150300.7.17.1 * kubernetes1.23-scheduler-1.23.17-150300.7.17.1 * kubernetes1.23-proxy-1.23.17-150300.7.17.1 * kubernetes1.23-client-1.23.17-150300.7.17.1 * kubernetes1.23-kubelet-1.23.17-150300.7.17.1 * openSUSE Leap 15.3 (noarch) * kubernetes1.23-client-fish-completion-1.23.17-150300.7.17.1 * kubernetes1.23-client-bash-completion-1.23.17-150300.7.17.1 * openSUSE Leap 15.3 (ppc64le) * kubernetes1.23-apiserver-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-client-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-scheduler-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-kubeadm-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-proxy-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-controller-manager-debuginfo-1.23.17-150300.7.17.1 * kubernetes1.23-kubelet-debuginfo-1.23.17-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kubernetes1.23-client-1.23.17-150300.7.17.1 * kubernetes1.23-client-common-1.23.17-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kubernetes1.23-client-1.23.17-150300.7.17.1 * kubernetes1.23-client-common-1.23.17-150300.7.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-1.23.17-150300.7.17.1 * kubernetes1.23-client-common-1.23.17-150300.7.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kubernetes1.23-client-1.23.17-150300.7.17.1 * kubernetes1.23-client-common-1.23.17-150300.7.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.17.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://bugzilla.suse.com/show_bug.cgi?id=1251168 * https://bugzilla.suse.com/show_bug.cgi?id=1262271 * https://bugzilla.suse.com/show_bug.cgi?id=1265740 . Security update for kubernetes1.23 addresses important vulnerabilities; apply fixes for better protection.. Kubernetes Update, SUSE Security Patch, Denial of Service, HTTP Transport Issue. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.