Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm

SUSE Security Update: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm

---

Announcement ID:	SUSE-SU-2020:3761-1
Rating:	important
References:	#1172270 #1173055 #1173165 #1174219 #1174951 #1175352 #1176225 #1176578 #1176903 #1176904 #1177361 #1177362 #1177660 #1177661 #1178785
Cross-References:	CVE-2020-15106 CVE-2020-8029 CVE-2020-8564 CVE-2020-8565
Affected Products:	SUSE CaaS Platform 4.5

---

An update that solves four vulnerabilities and has 11 fixes is now available.

Description:

== Kubernetes & etcd (Security fixes)
This fix involves an upgrade of Kubernetes and some add-ons. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd ates.html#_updating_kubernetes_components for the upgrade procedure.
== Skuba (Security fixes) & helm3 becomes the default helm
In order to update skuba and helm or helm 3, you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd ates.html#_update_management_workstation

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE CaaS Platform 4.5:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE CaaS Platform 4.5 (aarch64 x86_64):
  • caasp-release-4.5.2-1.8.2
  • cri-o-1.18-1.18.4-4.3.2
  • cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2
  • etcdctl-3.4.13-3.3.1
  • helm2-2.16.12-3.3.1
  • helm3-3.3.3-3.8.1
  • kubernetes-1.18-kubeadm-1.18.10-4.3.1
  • kubernetes-1.18-kubelet-1.18.10-4.3.1
  • patterns-caasp-Management-4.5-3.3.1
  • skuba-2.1.11-3.10.1
  • velero-1.4.2-3.3.1
• SUSE CaaS Platform 4.5 (noarch):
  • skuba-update-2.1.11-3.10.1

References:

• https://www.suse.com/security/cve/CVE-2020-15106.html
• https://www.suse.com/security/cve/CVE-2020-8029.html
• https://www.suse.com/security/cve/CVE-2020-8564.html
• https://www.suse.com/security/cve/CVE-2020-8565.html
• https://bugzilla.suse.com/1172270
• https://bugzilla.suse.com/1173055
• https://bugzilla.suse.com/1173165
• https://bugzilla.suse.com/1174219
• https://bugzilla.suse.com/1174951
• https://bugzilla.suse.com/1175352
• https://bugzilla.suse.com/1176225
• https://bugzilla.suse.com/1176578
• https://bugzilla.suse.com/1176903
• https://bugzilla.suse.com/1176904
• https://bugzilla.suse.com/1177361
• https://bugzilla.suse.com/1177362
• https://bugzilla.suse.com/1177660
• https://bugzilla.suse.com/1177661
• https://bugzilla.suse.com/1178785