176 lines
7.0 KiB
JSON
176 lines
7.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20211495",
|
|
"Version": "oval:org.altlinux.errata:def:20211495",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2021-1495: package `kubernetes` update to version 1.20.2-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p9"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2021-1495",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1495",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-8563",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8563",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-8564",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8564",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-8565",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-8566",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8566",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kubernetes to version 1.20.2-alt1. \nSecurity Fix(es):\n\n * CVE-2020-8563: In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects \u003c v1.19.3.\n\n * CVE-2020-8564: In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13.\n\n * CVE-2020-8565: In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects \u003c= v1.19.3, \u003c= v1.18.10, \u003c= v1.17.13, \u003c v1.20.0-alpha2.\n\n * CVE-2020-8566: In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2021-03-16"
|
|
},
|
|
"Updated": {
|
|
"Date": "2021-03-16"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2020-8563",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-532",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8563",
|
|
"Impact": "Low",
|
|
"Public": "20201207"
|
|
},
|
|
{
|
|
"ID": "CVE-2020-8564",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-532",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8564",
|
|
"Impact": "Low",
|
|
"Public": "20201207"
|
|
},
|
|
{
|
|
"ID": "CVE-2020-8565",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-532",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
|
|
"Impact": "Low",
|
|
"Public": "20201207"
|
|
},
|
|
{
|
|
"ID": "CVE-2020-8566",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-532",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8566",
|
|
"Impact": "Low",
|
|
"Public": "20201207"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:9",
|
|
"cpe:/o:alt:workstation:9",
|
|
"cpe:/o:alt:server:9",
|
|
"cpe:/o:alt:server-v:9",
|
|
"cpe:/o:alt:education:9",
|
|
"cpe:/o:alt:slinux:9",
|
|
"cpe:/o:alt:starterkit:p9",
|
|
"cpe:/o:alt:kworkstation:9.1",
|
|
"cpe:/o:alt:workstation:9.1",
|
|
"cpe:/o:alt:server:9.1",
|
|
"cpe:/o:alt:server-v:9.1",
|
|
"cpe:/o:alt:education:9.1",
|
|
"cpe:/o:alt:slinux:9.1",
|
|
"cpe:/o:alt:starterkit:9.1",
|
|
"cpe:/o:alt:kworkstation:9.2",
|
|
"cpe:/o:alt:workstation:9.2",
|
|
"cpe:/o:alt:server:9.2",
|
|
"cpe:/o:alt:server-v:9.2",
|
|
"cpe:/o:alt:education:9.2",
|
|
"cpe:/o:alt:slinux:9.2",
|
|
"cpe:/o:alt:starterkit:9.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495001",
|
|
"Comment": "kubernetes-client is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495002",
|
|
"Comment": "kubernetes-common is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495003",
|
|
"Comment": "kubernetes-crio is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495004",
|
|
"Comment": "kubernetes-kubeadm is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495005",
|
|
"Comment": "kubernetes-kubelet is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495006",
|
|
"Comment": "kubernetes-master is earlier than 0:1.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211495007",
|
|
"Comment": "kubernetes-node is earlier than 0:1.20.2-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |