Bug 33802 - kubernetes new security issue CVE-2024-10220
Summary: kubernetes new security issue CVE-2024-10220
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Bruno Cornec
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on: 33143
Blocks:
 
Reported: 2024-11-26 09:14 CET by Nicolas Salguero
Modified: 2024-12-06 18:44 CET

See Also:
Source RPM: kubernetes
CVE: CVE-2024-10220
Status comment:



Description Nicolas Salguero 2024-11-26 09:14:56 CET
CVE-2024-10220 was announced here:
https://www.openwall.com/lists/oss-security/2024/11/20/1

The problem is fixed in versions 1.28.12, 1.29.7, 1.30.3 and 1.31.0.

Mageia 9 is also affected.
Nicolas Salguero 2024-11-26 09:15:16 CET

Whiteboard: (none) => MGA9TOO
CVE: CVE-2024-3177, CVE-2024-10220 => CVE-2024-10220
Keywords: advisory => (none)

Nicolas Salguero 2024-11-26 09:15:27 CET

Assignee: bugsquad => bruno

Comment 1 Bruno Cornec 2024-11-27 01:19:19 CET
Packages ready to be pushed to updates_testing once golang is updated:

RPMS/x86_64/kubernetes-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-client-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-kubeadm-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-master-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-node-1.27.16-1.mga9.x86_64.rpm

SRPMS/kubernetes-1.27.16-1.mga9.src.rpm

Also fixes https://bugs.mageia.org/show_bug.cgi?id=33143

Status: NEW => ASSIGNED

Comment 3 Bruno Cornec 2024-11-28 00:55:33 CET
Packages pushed to updates_testing now golang has been updated:

RPMS/x86_64/kubernetes-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-client-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-kubeadm-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-master-1.27.16-1.mga9.x86_64.rpm
RPMS/x86_64/kubernetes-node-1.27.16-1.mga9.x86_64.rpm

SRPMS/kubernetes-1.27.16-1.mga9.src.rpm

Also fixes https://bugs.mageia.org/show_bug.cgi?id=33143

Assignee: bruno => qa-bugs

Comment 4 David Walser 2024-11-28 02:51:05 CET
Only one of the bugs should be assigned to QA.

Assignee: qa-bugs => bruno

Comment 5 Nicolas Salguero 2024-12-06 18:44:06 CET
Fixed in bug 33143

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

