docker-machine-driver-kvm2-1.23.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11051-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z docker-machine-driver-kvm2-1.23.0-1.2 on GA media These are all security issues fixed in the docker-machine-driver-kvm2-1.23.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11051 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1002103/ SUSE CVE CVE-2018-1002103 page openSUSE Tumbleweed docker-machine-driver-kvm2-1.23.0-1.2 minikube-1.23.0-1.2 minikube-bash-completion-1.23.0-1.2 docker-machine-driver-kvm2-1.23.0-1.2 as a component of openSUSE Tumbleweed minikube-1.23.0-1.2 as a component of openSUSE Tumbleweed minikube-bash-completion-1.23.0-1.2 as a component of openSUSE Tumbleweed In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. CVE-2018-1002103 openSUSE Tumbleweed:docker-machine-driver-kvm2-1.23.0-1.2 openSUSE Tumbleweed:minikube-1.23.0-1.2 openSUSE Tumbleweed:minikube-bash-completion-1.23.0-1.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1002103.html CVE-2018-1002103