Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2246-1 Final 1 1 2024-06-29T06:55:05Z current 2024-06-29T06:55:05Z 2024-06-29T06:55:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Collect component Role rules under operator Role instead of ClusterRole (bsc#1223965, CVE-2024-33394) - Ensure procps is installed (provides ps for tests) This update also rebuilds it against current go releases. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2246,SUSE-SLE-Micro-5.5-2024-2246,SUSE-SLE-Module-Containers-15-SP5-2024-2246,openSUSE-SLE-15.5-2024-2246 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242246-1/ Link for SUSE-SU-2024:2246-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/018830.html E-Mail link for SUSE-SU-2024:2246-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223965 SUSE Bug 1223965 https://www.suse.com/security/cve/CVE-2024-33394/ SUSE CVE CVE-2024-33394 page SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Containers 15 SP5 openSUSE Leap 15.5 kubevirt-container-disk-1.1.1-150500.8.18.1 kubevirt-manifests-1.1.1-150500.8.18.1 kubevirt-pr-helper-conf-1.1.1-150500.8.18.1 kubevirt-tests-1.1.1-150500.8.18.1 kubevirt-virt-api-1.1.1-150500.8.18.1 kubevirt-virt-controller-1.1.1-150500.8.18.1 kubevirt-virt-exportproxy-1.1.1-150500.8.18.1 kubevirt-virt-exportserver-1.1.1-150500.8.18.1 kubevirt-virt-handler-1.1.1-150500.8.18.1 kubevirt-virt-launcher-1.1.1-150500.8.18.1 kubevirt-virt-operator-1.1.1-150500.8.18.1 kubevirt-virtctl-1.1.1-150500.8.18.1 obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1 kubevirt-manifests-1.1.1-150500.8.18.1 as a component of SUSE Linux Enterprise Micro 5.5 kubevirt-virtctl-1.1.1-150500.8.18.1 as a component of SUSE Linux Enterprise Micro 5.5 kubevirt-manifests-1.1.1-150500.8.18.1 as a component of SUSE Linux Enterprise Module for Containers 15 SP5 kubevirt-virtctl-1.1.1-150500.8.18.1 as a component of SUSE Linux Enterprise Module for Containers 15 SP5 kubevirt-container-disk-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-manifests-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-tests-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-api-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-controller-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-exportproxy-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-exportserver-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-handler-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-launcher-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virt-operator-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 kubevirt-virtctl-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1 as a component of openSUSE Leap 15.5 An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. CVE-2024-33394 SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.1-150500.8.18.1 SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.1-150500.8.18.1 SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.1-150500.8.18.1 SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-container-disk-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-manifests-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-tests-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-api-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-controller-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-handler-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virt-operator-1.1.1-150500.8.18.1 openSUSE Leap 15.5:kubevirt-virtctl-1.1.1-150500.8.18.1 openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242246-1/ https://www.suse.com/security/cve/CVE-2024-33394.html CVE-2024-33394 https://bugzilla.suse.com/1223965 SUSE Bug 1223965