Описание
Security update for kubernetes1.18
This update for kubernetes1.18 fixes the following issues:
- CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630).
- CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631).
Список пакетов
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Module for Containers 15 SP4
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
openSUSE Leap 15.4
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2023:2541-1
- E-Mail link for SUSE-SU-2023:2541-1
- SUSE Security Ratings
- SUSE Bug 1211630
- SUSE Bug 1211631
- SUSE CVE CVE-2023-2727 page
- SUSE CVE CVE-2023-2728 page
Описание
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Затронутые продукты
Ссылки
- CVE-2023-2727
- SUSE Bug 1211630
Описание
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
Затронутые продукты
Ссылки
- CVE-2023-2728
- SUSE Bug 1211631