Description
Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues:
- CVE-2023-2431: Fixed a bypass issue of seccomp profile enforcement (bsc#1212493).
Package list
SUSE Linux Enterprise Module for Containers 15 SP5
kubernetes1.23-client-1.23.17-150500.3.6.1
kubernetes1.23-client-common-1.23.17-150500.3.6.1
openSUSE Leap 15.5
kubernetes1.23-apiserver-1.23.17-150500.3.6.1
kubernetes1.23-client-1.23.17-150500.3.6.1
kubernetes1.23-client-bash-completion-1.23.17-150500.3.6.1
kubernetes1.23-client-common-1.23.17-150500.3.6.1
kubernetes1.23-client-fish-completion-1.23.17-150500.3.6.1
kubernetes1.23-controller-manager-1.23.17-150500.3.6.1
kubernetes1.23-kubeadm-1.23.17-150500.3.6.1
kubernetes1.23-kubelet-1.23.17-150500.3.6.1
kubernetes1.23-kubelet-common-1.23.17-150500.3.6.1
kubernetes1.23-proxy-1.23.17-150500.3.6.1
kubernetes1.23-scheduler-1.23.17-150500.3.6.1
References
- Link for SUSE-SU-2023:2691-1
- E-Mail link for SUSE-SU-2023:2691-1
- SUSE Security Ratings
- SUSE Bug 1212493
- SUSE CVE CVE-2023-2431 page
Description
A security issue was discovered in Kubelet that allows pods to bypass seccomp profile enforcement. Pods that use the localhost type for their seccomp profile but specify an empty profile field are affected by this issue. In this scenario, the vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
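A check for the condition described above, as an added example that is not part of the SUSE advisory: it scans a pod list in the shape returned by `kubectl get pods -A -o json` for a `seccompProfile` of type `Localhost` whose `localhostProfile` is empty or missing. The sample pods, their names and the `<pod>` marker are constructed for illustration.

```python
# Added example, not from the advisory. SAMPLE is constructed data in the
# shape of `kubectl get pods -A -o json`; all pod names are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": ""}},
              "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "prod", "name": "worker"},
     "spec": {"containers": [
         {"name": "main", "securityContext": {"seccompProfile": {
             "type": "Localhost", "localhostProfile": "profiles/audit.json"}}},
         {"name": "sidecar", "securityContext": {"seccompProfile": {"type": "Localhost"}}}]}},
    {"metadata": {"namespace": "dev", "name": "web"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "nginx"}]}},
]}

POD_LEVEL = "<pod>"  # marker used when the pod-level securityContext is at fault


def empty_localhost(security_context):
    """True if the seccomp type is Localhost but no profile path is given."""
    profile = (security_context or {}).get("seccompProfile") or {}
    path = profile.get("localhostProfile") or ""
    return profile.get("type") == "Localhost" and not path.strip()


def find_affected(pod_list):
    """Return (namespace/pod, container-or-<pod>) pairs matching the condition."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        if empty_localhost(spec.get("securityContext")):
            findings.append((ref, POD_LEVEL))
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for container in spec.get(kind) or []:
                if empty_localhost(container.get("securityContext")):
                    findings.append((ref, container.get("name")))
    return findings


if __name__ == "__main__":
    for ref, where in find_affected(SAMPLE):
        print(f"{ref}: {where} uses Localhost seccomp with an empty profile")
```

To check a live cluster, parse the output of `kubectl get pods -A -o json` with `json.load` and pass the result to `find_affected`.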
Affected products
SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.23-client-1.23.17-150500.3.6.1
SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.23-client-common-1.23.17-150500.3.6.1
openSUSE Leap 15.5:kubernetes1.23-apiserver-1.23.17-150500.3.6.1
openSUSE Leap 15.5:kubernetes1.23-client-1.23.17-150500.3.6.1
References
- CVE-2023-2431
- SUSE Bug 1212493