Overview

File _patchinfo of Package patchinfo.39230

<patchinfo incident="39230">
  <issue tracker="cve" id="2025-22872"/>
  <issue tracker="cve" id="2024-3177"/>
  <issue tracker="cve" id="2023-2431"/>
  <issue tracker="cve" id="2024-0793"/>
  <issue tracker="cve" id="2021-25743"/>
  <issue tracker="bnc" id="1222539">VUL-0: CVE-2024-3177: kubernetes1.18: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin</issue>
  <issue tracker="bnc" id="1241865">VUL-0: CVE-2025-22872: kubernetes1.28,kubernetes1.25,kubernetes1.18,kubernetes1.24,kubernetes1.26,kubernetes1.23,kubernetes1.27: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
  <issue tracker="bnc" id="1212493">VUL-0: CVE-2023-2431: kubernetes1.24,kubernetes1.23: Bypass of seccomp profile enforcement</issue>
  <issue tracker="bnc" id="1194400">VUL-1: CVE-2021-25743: kubernetes-1.18,kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal</issue>
  <issue tracker="bnc" id="1219964">VUL-0: CVE-2024-0793: kubernetes,kubernetes1.18,kubernetes1.23,kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: kube-controller-manager: malformed HPA v1 manifest causes crash</issue>
  <issue tracker="bnc" id="1229008">installing kubernetes1.23-client also installs kubernetes1.28-client and kubernetes1.28-client-common</issue>
  <packager>psaggu</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for kubernetes1.23</summary>
  <description>This update for kubernetes1.23 fixes the following issues:

- CVE-2021-25743: Escape terminal special characters in kubectl output (bsc#1194400).
- CVE-2023-2431: Prevent pods to bypass the seccomp profile enforcement (bsc#1212493).
- CVE-2024-0793: Advance autoscaling v2 as the preferred API version (bsc#1219964).
- CVE-2024-3177: Prevent bypassing mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1222539). 
- CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places