Security update for kubernetes

SUSE Security Update: Security update for kubernetes
Announcement ID: SUSE-SU-2018:1982-1
Rating: moderate
References: #1069469 #1089654 #1089991
Affected Products:
  • SUSE CaaS Platform ALL

  • An update that solves one vulnerability and has two fixes is now available.


    This update for kubernetes to version
    1.8.10+044cd262c40234014f01b40ed7b9d09adbafe9b1 fixes the following issues:

    This security issue was fixed:

    - CVE-2018-1002100: The kubectl cp command insecurely handled tar data
    returned from the container. This could have been used to overwrite
    arbitrary local files (bsc#1089654).

    These non-security issues were fixed:

    - Prevent the Kubernetes image GC from cleaning the images that have been
    loaded using container-feeder (bsc#1069469)
    - Update hosts in EnsureLoadBalancer()
    - external lb - move target pool operation into its own function
    - Update event-exporter
    - Fixes the regression of GCEPD not provisioning correctly on alpha
    - Allow update/patch of CRD while terminating
    - add remount logic for azure file plugin
    - 1.8 edition: Pass in etcd TLS credentials during migrate and rollback
    - purge all the -v references from e2e.go
    - Check whether it is running locally when UseInstanceMetadata
    - Get external IP for azure standard nodes
    - Kubernetes version v1.8.10-beta.0 openapi-spec file updates
    - Fix CleanupGCEResources for regional test
    - Detect backsteps correctly in base path detection
    - Add atomic writer subpath e2e tests
    - Exclude commas when pulling the tag out of the git export-subst format
    - bugfix(mount): lstat with abs path of parent instead of '/..'

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE CaaS Platform ALL:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

    Package List:

    • SUSE CaaS Platform ALL (x86_64):
      • kubernetes-client-1.8.10-3.3.1
      • kubernetes-common-1.8.10-3.3.1
      • kubernetes-kubelet-1.8.10-3.3.1
      • kubernetes-master-1.8.10-3.3.1
      • kubernetes-node-1.8.10-3.3.1