Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557)

Announcement ID:	SUSE-RU-2020:2204-1
Rating:	moderate
References:	bsc#1146991 bsc#1173039 bsc#1173055 bsc#1173165 bsc#1173984
Cross-References:	CVE-2020-8557
CVSS scores:	CVE-2020-8557 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-8557 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Containers Module 15-SP1 SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves one vulnerability and has four fixes can now be installed.

Description:

= Required Actions

== Kubernetes (Security fix)

This fix will be applied to the kubelet daemon running on the nodes by skuba-update. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug.

== Cilium Bugfix

Cilium will be updated by skuba addon upgrade. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates

== Gangway bugfix

Gangway will be updated by skuba addon upgrade. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba

In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Containers Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-2204=1
• SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• Containers Module 15-SP1 (x86_64)
  • kubernetes-client-1.17.4-4.18.1
  • kubernetes-common-1.17.4-4.18.1
• SUSE CaaS Platform 4.0 (x86_64)
  • kubernetes-client-1.17.4-4.18.1
  • caasp-release-4.2.2-24.26.1
  • kubernetes-common-1.17.4-4.18.1
  • kubernetes-kubeadm-1.17.4-4.18.1
  • skuba-1.4.1-3.46.1
  • kubernetes-kubelet-1.17.4-4.18.1
• SUSE CaaS Platform 4.0 (noarch)
  • skuba-update-1.4.1-3.46.1

References:

• https://www.suse.com/security/cve/CVE-2020-8557.html
• https://bugzilla.suse.com/show_bug.cgi?id=1146991
• https://bugzilla.suse.com/show_bug.cgi?id=1173039
• https://bugzilla.suse.com/show_bug.cgi?id=1173055
• https://bugzilla.suse.com/show_bug.cgi?id=1173165
• https://bugzilla.suse.com/show_bug.cgi?id=1173984