SUSE Container Update Advisory: sles12/velum ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:616-1 Container Tags : sles12/velum:0.0 , sles12/velum:0.0-3.50.5 Container Release : 3.50.5 Severity : important Type : security References : 1069384 1112758 1113518 1116572 1120752 1121163 1121321 1123711 1124187 1124784 1127804 1128491 1128863 1130202 1131886 CVE-2018-16839 ----------------------------------------------------------------- The container sles12/velum was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:974-1 Released: Wed Apr 17 16:22:25 2019 Summary: Recommended update for kubernetes-salt and velum Type: recommended Severity: moderate References: 1113518,1116572,1120752,1121163,1121321,1123711,1124187,1124784,1127804,1128491,1128863,1130202 This update resolves the following issues: # Velum: - Node removal would fail when orchestration was incorrectly registered as still in progress - All nodes would show as failed after an update - Incorrect information shown on how to download/use the kubeconfig file - The velum user had too many permissions to manipulate the MariaDB Please check if your installation is affected by running: ``` docker exec -it $(docker ps -qf name=velum-mariadb) \ mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) -e 'SHOW GRANTS FOR velum@localhost' ``` The user permissions should return: ``` +-----------------------------------------------------------------------------------------------------------------+ | Grants for velum@localhost | +-----------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'velum'@'localhost' IDENTIFIED BY PASSWORD '' | | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `velum_production`.* TO 'velum'@'localhost' | +-----------------------------------------------------------------------------------------------------------------+ ``` If the user account still has ```GRANT ALL PRIVILEGES```, please adjust the privileges for the user by running: ``` docker exec -it $(docker ps -qf name=velum-mariadb) \ mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) \ -e 'REVOKE ALL PRIVILEGES ON velum_production.* FROM velum@localhost; \ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON velum_production.* TO velum@localhost' ``` - Nodes could become unresponsive if too many resources were reserved - System wide certificates removed from Velum were not removed from the cluster nodes - Certificates with Windows line endings could cause errors during external LDAP setup # Kubernetes Salt: - Removing the system wide proxy configuration was not applied correctly and configuration remained in place - Bootstrap of the cluster would fail - Removed an obsolete custom module - Modules for the reactor component were synchronized from multiple operations and could cause race conditions of the saved state - The automatic transactional-update timer did not remain disabled during an upgrade # CaaSP Container Manifests: - Admin node container would fail to start ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:979-1 Released: Thu Apr 18 08:23:19 2019 Summary: Recommended update for sg3_utils Type: recommended Severity: moderate References: 1069384 This update for sg3_utils fixes the following issues: - rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:996-1 Released: Tue Apr 23 18:42:35 2019 Summary: Security update for curl Type: security Severity: important References: 1112758,1131886,CVE-2018-16839 This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).