Описание
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
Containers were rebuilt against current go and maintenance updates.
Список пакетов
SUSE Linux Enterprise Module for Containers 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:2318-1
- E-Mail link for SUSE-SU-2024:2318-1
- SUSE Security Ratings
- SUSE Bug 1223965
- SUSE CVE CVE-2024-33394 page
Описание
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
Затронутые продукты
Ссылки
- CVE-2024-33394
- SUSE Bug 1223965