SUSE-SU-2024:1403-1

Опубликовано: 23 апр. 2024

Источник: suse-cvrf

Описание

Security update for kubernetes1.24

This update for kubernetes1.24 fixes the following issues:

CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1222539)

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP5

kubernetes1.24-client-1.24.17-150500.3.16.1

kubernetes1.24-client-common-1.24.17-150500.3.16.1

openSUSE Leap 15.5

kubernetes1.24-apiserver-1.24.17-150500.3.16.1

kubernetes1.24-client-1.24.17-150500.3.16.1

kubernetes1.24-client-bash-completion-1.24.17-150500.3.16.1

kubernetes1.24-client-common-1.24.17-150500.3.16.1

kubernetes1.24-client-fish-completion-1.24.17-150500.3.16.1

kubernetes1.24-controller-manager-1.24.17-150500.3.16.1

kubernetes1.24-kubeadm-1.24.17-150500.3.16.1

kubernetes1.24-kubelet-1.24.17-150500.3.16.1

kubernetes1.24-kubelet-common-1.24.17-150500.3.16.1

kubernetes1.24-proxy-1.24.17-150500.3.16.1

kubernetes1.24-scheduler-1.24.17-150500.3.16.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241403-1/
Link for SUSE-SU-2024:1403-1
https://lists.suse.com/pipermail/sle-updates/2024-April/035070.html
E-Mail link for SUSE-SU-2024:1403-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1222539
SUSE Bug 1222539
https://www.suse.com/security/cve/CVE-2024-3177/
SUSE CVE CVE-2024-3177 page

Описание

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-1.24.17-150500.3.16.1

SUSE Linux Enterprise Module for Containers 15 SP5:kubernetes1.24-client-common-1.24.17-150500.3.16.1

openSUSE Leap 15.5:kubernetes1.24-apiserver-1.24.17-150500.3.16.1

openSUSE Leap 15.5:kubernetes1.24-client-1.24.17-150500.3.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3177.html
CVE-2024-3177
https://bugzilla.suse.com/1222539
SUSE Bug 1222539

SUSE-SU-2024:1403-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-3177

Описание

Затронутые продукты

Ссылки