exploitDog

SUSE-RU-2020:2204-1

Опубликовано: 11 авг. 2020

Источник: suse-cvrf

Описание

Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557)

= Required Actions

== Kubernetes (Security fix)

This fix will be applied to the kubelet daemon running on the nodes by skuba-update. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug.

== Cilium Bugfix

Cilium will be updated by skuba addon upgrade. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates

== Gangway bugfix

Gangway will be updated by skuba addon upgrade. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba

In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation

Список пакетов

Container caasp/v4/caasp-dex:2.16.0

caasp-dex-2.16.0-3.7.1

Container caasp/v4/cilium-operator:1.6.6

cilium-operator-1.6.6-3.10.1

Container caasp/v4/cilium:1.6.6

cilium-1.6.6-3.10.1

cilium-cni-1.6.6-3.10.1

Container caasp/v4/gangway:3.1.0

gangway-3.1.0-4.5.1

Container caasp/v4/hyperkube:v1.17.17

kubernetes-common-1.17.4-4.18.1

Container caasp/v4/kubernetes-client:1.17.17

kubernetes-client-1.17.4-4.18.1

kubernetes-common-1.17.4-4.18.1

Container caasp/v4/kucero:1.3.0

kubernetes-client-1.17.4-4.18.1

kubernetes-common-1.17.4-4.18.1

Container caasp/v4/kured:1.3.0

kubernetes-client-1.17.4-4.18.1

kubernetes-common-1.17.4-4.18.1

SUSE Linux Enterprise Module for Containers 15 SP1

kubernetes-client-1.17.4-4.18.1

kubernetes-common-1.17.4-4.18.1

Ссылки

https://www.suse.com/support/update/announcement/-2020-2204/suse-ru-20202204-1/
Link for SUSE-RU-2020:2204-1
https://lists.suse.com/pipermail/sle-updates/2020-August/015702.html
E-Mail link for SUSE-RU-2020:2204-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1146991
SUSE Bug 1146991
https://bugzilla.suse.com/1173039
SUSE Bug 1173039
https://bugzilla.suse.com/1173055
SUSE Bug 1173055
https://bugzilla.suse.com/1173165
SUSE Bug 1173165
https://bugzilla.suse.com/1173984
SUSE Bug 1173984
https://www.suse.com/security/cve/CVE-2020-8557/
SUSE CVE CVE-2020-8557 page

Описание

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

Затронутые продукты

Container caasp/v4/caasp-dex:2.16.0:caasp-dex-2.16.0-3.7.1

Container caasp/v4/cilium-operator:1.6.6:cilium-operator-1.6.6-3.10.1

Container caasp/v4/cilium:1.6.6:cilium-1.6.6-3.10.1

Container caasp/v4/cilium:1.6.6:cilium-cni-1.6.6-3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8557.html
CVE-2020-8557
https://bugzilla.suse.com/1173984
SUSE Bug 1173984