SuseSUSE-SU-2022:3335-1Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (important)
0.002 Low
EPSS
Percentile
62.2%
An update that fixes one vulnerability is now available.
Description:
This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:
Update to version 1.43.2
Security issues fixed:
- CVE-2022-1996: Fixed CORS bypass in go-restful vendored dependency
(bsc#1200528)
Other fixes:
- Include additional tools used by cdi-importer: cdi-containerimage-server
cdi-source-update-poller - Pack only cdi-{cr,operator}.yaml into the manifests RPM
- Install tar package (used for cloning filesystem PVCs)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3335=1
-
SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3335=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (x86_64): | - openSUSE Leap 15.3 (x86_64):.x86_64.rpm | |
| SUSE Linux Enterprise Module for Containers 15 | SP3 | x86_64 | < SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): | - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):.x86_64.rpm |
Related
