SUSE-SU-2023:2544-1

Опубликовано: 19 июн. 2023

Источник: suse-cvrf

Описание

Security update for kubernetes1.24

This update for kubernetes1.24 fixes the following issues:

CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630).
CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631).

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP5

kubernetes1.24-client-1.24.13-150500.3.3.1

kubernetes1.24-client-common-1.24.13-150500.3.3.1

openSUSE Leap 15.5

kubernetes1.24-apiserver-1.24.13-150500.3.3.1

kubernetes1.24-client-1.24.13-150500.3.3.1

kubernetes1.24-client-bash-completion-1.24.13-150500.3.3.1

kubernetes1.24-client-common-1.24.13-150500.3.3.1

kubernetes1.24-client-fish-completion-1.24.13-150500.3.3.1

kubernetes1.24-controller-manager-1.24.13-150500.3.3.1

kubernetes1.24-kubeadm-1.24.13-150500.3.3.1

kubernetes1.24-kubelet-1.24.13-150500.3.3.1

kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1

kubernetes1.24-proxy-1.24.13-150500.3.3.1

kubernetes1.24-scheduler-1.24.13-150500.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232544-1/
Link for SUSE-SU-2023:2544-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029928.html
E-Mail link for SUSE-SU-2023:2544-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1211630
SUSE Bug 1211630
https://bugzilla.suse.com/1211631
SUSE Bug 1211631
https://www.suse.com/security/cve/CVE-2023-2727/
SUSE CVE CVE-2023-2727 page
https://www.suse.com/security/cve/CVE-2023-2728/
SUSE CVE CVE-2023-2728 page

Описание

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-1.24.13-150500.3.3.1

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-common-1.24.13-150500.3.3.1

openSUSE Leap 15.5:kubernetes1.24-apiserver-1.24.13-150500.3.3.1

openSUSE Leap 15.5:kubernetes1.24-client-1.24.13-150500.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-2727.html
CVE-2023-2727
https://bugzilla.suse.com/1211630
SUSE Bug 1211630

Описание

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-1.24.13-150500.3.3.1

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-common-1.24.13-150500.3.3.1

openSUSE Leap 15.5:kubernetes1.24-apiserver-1.24.13-150500.3.3.1

openSUSE Leap 15.5:kubernetes1.24-client-1.24.13-150500.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-2728.html
CVE-2023-2728
https://bugzilla.suse.com/1211631
SUSE Bug 1211631

SUSE-SU-2023:2544-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-2727

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-2728

Описание

Затронутые продукты

Ссылки