Release Request for CaaSP 4.5.1

Announcement ID:	SUSE-RU-2020:2960-1
Rating:	important
References:	bsc#1167073 bsc#1173559 bsc#1174075 bsc#1175151 bsc#1176752 bsc#1176753 bsc#1176754 bsc#1176755
Cross-References:	CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-15184 CVE-2020-15185 CVE-2020-15186 CVE-2020-15187 CVE-2020-8663
CVSS scores:	CVE-2020-12603 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-12604 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-12605 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-15184 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2020-15184 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-15185 ( SUSE ): 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2020-15185 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2020-15186 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N CVE-2020-15186 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2020-15187 ( SUSE ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2020-15187 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2020-8663 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE CaaS Platform 4.5 SUSE Linux Enterprise Server 15 SP2

An update that solves eight vulnerabilities can now be installed.

Description:

Release Request for CaaSP 4.5.1 - Envoy/cilium-proxy/helm security updates

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE CaaS Platform 4.5
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE CaaS Platform 4.5 (aarch64 x86_64)
  • helm3-3.3.3-3.5.2
  • caasp-release-4.5.1-1.5.2
  • skuba-2.1.6-3.5.2
• SUSE CaaS Platform 4.5 (noarch)
  • skuba-update-2.1.6-3.5.2

References:

• https://www.suse.com/security/cve/CVE-2020-12603.html
• https://www.suse.com/security/cve/CVE-2020-12604.html
• https://www.suse.com/security/cve/CVE-2020-12605.html
• https://www.suse.com/security/cve/CVE-2020-15184.html
• https://www.suse.com/security/cve/CVE-2020-15185.html
• https://www.suse.com/security/cve/CVE-2020-15186.html
• https://www.suse.com/security/cve/CVE-2020-15187.html
• https://www.suse.com/security/cve/CVE-2020-8663.html
• https://bugzilla.suse.com/show_bug.cgi?id=1167073
• https://bugzilla.suse.com/show_bug.cgi?id=1173559
• https://bugzilla.suse.com/show_bug.cgi?id=1174075
• https://bugzilla.suse.com/show_bug.cgi?id=1175151
• https://bugzilla.suse.com/show_bug.cgi?id=1176752
• https://bugzilla.suse.com/show_bug.cgi?id=1176753
• https://bugzilla.suse.com/show_bug.cgi?id=1176754
• https://bugzilla.suse.com/show_bug.cgi?id=1176755