[SECURITY] Fedora 32 Update: origin-3.11.2-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-aeea04cd13 2020-07-24 01:13:00.082331 -------------------------------------------------------------------------------- Name : origin Product : Fedora 32 Version : 3.11.2 Release : 1.fc32 URL : https://github.com/openshift/origin Summary : OpenShift Open Source Container Management by Red Hat Description : OpenShift Origin is a distribution of Kubernetes optimized for enterprise application development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams and applications. It provides a secure and multi-tenant configuration for Kubernetes allowing you to safely host many different applications and workloads on a unified cluster. -------------------------------------------------------------------------------- Update Information: * Security fix for CVE-2020-8551, CVE-2020-8552, CVE-2020-8555, CVE-2020-8945 * Rebase to head of usptream 3.11 branch -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2020 Jakub ��ajka <jcajka(a)fedoraproject.org&gt; - 3.11.2-1 - Rebase to upstream 20c5b86c88657888e4906ed7942b85515c650f96, let's call it 3.11.2 - Fix for CVE-2020-8551, CVE-2020-8552, CVE-2020-8555, CVE-2020-8945 - Resolves: BZ#1816406, BZ#1816396, BZ#1842692, BZ#1802905 * Fri May 1 2020 Petr Pisar <ppisar(a)redhat.com&gt; - 3.11.1-6 - Soften a dependency on bash-completion (bug #1493993) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1795838 - CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull https://bugzilla.redhat.com/show_bug.cgi?id=1795838 [ 2 ] Bug #1797909 - CVE-2020-8552 kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=1797909 [ 3 ] Bug #1816403 - CVE-2020-8551 kubernetes: crafted requests to kubelet API allow for memory exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=1816403 [ 4 ] Bug #1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information https://bugzilla.redhat.com/show_bug.cgi?id=1821583 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-aeea04cd13' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------