File _patchinfo of Package patchinfo.35690

<patchinfo incident="35690">
  <issue tracker="bnc" id="1062303">trackerbug: packages do not build reproducibly from randomness</issue>
  <issue tracker="bnc" id="1194400">VUL-1: CVE-2021-25743: kubernetes-1.18,kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal</issue>
  <issue tracker="bnc" id="1211630">VUL-0: CVE-2023-2727: kubernetes,kubernetes1.18,kubernetes1.23,kubernetes1.24: Bypassing policies imposed by the ImagePolicyWebhook admission plugin</issue>
  <issue tracker="bnc" id="1211631">VUL-0: CVE-2023-2728: kubernetes,kubernetes1.18,kubernetes1.23,kubernetes1.24: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin</issue>
  <issue tracker="bnc" id="1214406">[kubeadm1.27] Multiple Issues before `kubeadm init` runs successfully</issue>
  <issue tracker="bnc" id="1216109">VUL-0: CVE-2023-39325: go1.20,go1.21: net/http: rapid stream resets can cause excessive work</issue>
  <issue tracker="bnc" id="1216123">VUL-0: CVE-2023-44487: TRACKER-BUG: HTTP/2 Rapid Reset Attack</issue>
  <issue tracker="bnc" id="1219964">VUL-0: CVE-2024-0793: kubernetes,kubernetes1.18,kubernetes1.23,kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: kube-controller-manager: malformed HPA v1 manifest causes crash</issue>
  <issue tracker="bnc" id="1221400">VUL-0: CVE-2023-45288: go1.21,go1.22: net/http, x/net/http2: close connections when receiving too many headers</issue>
  <issue tracker="bnc" id="1222539">VUL-0: CVE-2024-3177: kubernetes1.18: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin</issue>
  <issue tracker="bnc" id="1226136">VUL-0: CVE-2024-24786: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>
  <issue tracker="bnc" id="1229867">VUL-0: CVE-2024-24786: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>
  <issue tracker="bnc" id="1229858">VUL-0: kubernetes1.28: built against EOL of GO</issue>
  <issue tracker="bnc" id="1229869">VUL-0: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: x/net/http2 affected by CVE-2023-44487,CVE-2023-39325,CVE-2023-45288</issue>
  <issue tracker="bnc" id="1230323">VUL-0: CVE-2023-39325: TRACKERBUG: golang.org/x/net/http2: rapid stream resets can cause excessive work</issue>
  <issue tracker="cve" id="2021-25743"/>
  <issue tracker="cve" id="2023-2727"/>
  <issue tracker="cve" id="2023-2728"/>
  <issue tracker="cve" id="2023-39325"/>
  <issue tracker="cve" id="2023-44487"/>
  <issue tracker="cve" id="2023-45288"/>
  <issue tracker="cve" id="2024-0793"/>
  <issue tracker="cve" id="2024-3177"/>
  <issue tracker="cve" id="2024-24786"/>
  <packager>psaggu</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for kubernetes1.24</summary>
  <description>This update for kubernetes1.24 fixes the following issues:

- CVE-2021-25743: escape, meta and control sequences in raw data output to terminal not neutralized. (bsc#1194400)
- CVE-2023-2727: bypass of policies imposed by the ImagePolicyWebhook admission plugin. (bsc#1211630)
- CVE-2023-2728: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1211631)
- CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2024-0793: kube-controller-manager pod crash when processing malformed HPA v1 manifests. (bsc#1219964)
- CVE-2024-3177: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1222539)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)

Bug fixes:

- Use -trimpath in non-DBG mode for reproducible builds. (bsc#1062303)
- Fix multiple issues for successful `kubeadm init` run. (bsc#1214406)
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
</description>
</patchinfo>