SUSE-SU-2023:2292-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20232292-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2292-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:2292-1
- Related
- Published
- 2023-05-25T07:21:44Z
- Modified
- 2023-05-25T07:21:44Z
- Summary
- Security update for kubernetes1.23
- Details
-
This update for kubernetes1.23 fixes the following issues:
add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion
Split individual completions into separate packages
Update to version 1.23.17:
- releng: Update images, dependencies and version to Go 1.19.6
- Update golang.org/x/net to v0.7.0
- Pin golang.org/x/net to v0.4.0
- add scale test for probes
- use custom dialer for http probes
- use custom dialer for tcp probes
- add custom dialer optimized for probes
- egress_selector: prevent goroutines leak on connect() step.
- tls.Dial() validates hostname, no need to do that manually
- Fix issue that Audit Server could not correctly encode DeleteOption
- Do not include scheduler name in the preemption event message
- Do not leak cross namespace pod metadata in preemption events
- pkg/controller/job: re-honor exponential backoff
- releng: Update images, dependencies and version to Go 1.19.5
- Bump Konnectivity to v0.0.35
- Improve vendor verification works for each staging repo
- Update to go1.19
- Adjust for os/exec changes in 1.19
- Update golangci-lint to 1.46.2 and fix errors
- Match go1.17 defaults for SHA-1 and GC
- update golangci-lint to 1.45.0
- kubelet: make the image pull time more accurate in event
- change k8s.gcr.io/pause to registry.k8s.io/pause
- use etcd 3.5.6-0 after promotion
- changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
- Add CVE-2021-25749 to CHANGELOG-1.23.md
- Add CVE-2022-3294 to CHANGELOG-1.23.md
- kubeadm: use registry.k8s.io instead of k8s.gcr.io
- etcd: Updated to v3.5.5
- Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. Agent & Server include numerous other fixes.
- kubeadm: allow RSA and ECDSA format keys in preflight check
- Fixes kubelet log compression on Windows
- Reduce default gzip compression level from 4 to 1 in apiserver
- exec auth: support TLS config caching
- Marshal MicroTime to json and proto at the same precision
- Windows: ensure runAsNonRoot does case-insensitive comparison on user name
- update structured-merge-diff to 4.2.3
- Add rate limiting when calling STS assume role API
- Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.
- References
Affected packages
SUSE:Linux Enterprise Module for Containers 15 SP4 / kubernetes1.23
Package
- Name
- kubernetes1.23
- Purl
- purl:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4
SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / kubernetes1.23
Package
- Name
- kubernetes1.23
- Purl
- purl:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / kubernetes1.23
Package
- Name
- kubernetes1.23
- Purl
- purl:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / kubernetes1.23
Package
- Name
- kubernetes1.23
- Purl
- purl:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / kubernetes1.23
Package
- Name
- kubernetes1.23
- Purl
- purl:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3