1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2024:3094-1

[SUSE-SU-2024:3094-1] Security update for kubernetes1.26

Severity Important
CVEs 3
Info References Vulnerabilities

Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues:

Update kubernetes to version 1.26.15:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)

Other fixes:

- Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
- Update go to version v1.22.5 (bsc#1229858)
- Add upstream patch for reproducible builds (bsc#1062303)

ID
SUSE-SU-2024:3094-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2024/suse-su-20243094-1/
Published
2024-09-03T14:34:48
(13 days ago)
Modified
2024-09-03T14:34:48
(13 days ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date