diff --git a/kubernetes-1.24.13.obscpio b/kubernetes-1.24.13.obscpio deleted file mode 100644 index 0030dd0..0000000 --- a/kubernetes-1.24.13.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d2fc11b5507d225184a56aa4b226bb08c8c8265261facba1224186ec69ac385d -size 253555726 diff --git a/kubernetes1.24.changes b/kubernetes1.24.changes index 57f7546..bc1ed0e 100644 --- a/kubernetes1.24.changes +++ b/kubernetes1.24.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jun 20 07:00:47 UTC 2023 - Priyanka Saggu + +- remove: kube-apiserver-admission-plugin-policy.patch + * patch included upstream in the v1.24.15 patch version release +- remove: kubernetes1.24.13.obscpio + ------------------------------------------------------------------- Thu Jun 15 11:24:49 UTC 2023 - Priyanka Saggu @@ -47,6 +54,14 @@ Mon Jun 12 04:55:15 UTC 2023 - Priyanka Saggu * Skip mount point checks when possible during mount cleanup. * Return error for localhost seccomp type with no localhost profile defined +------------------------------------------------------------------- +Thu Jun 8 04:42:55 UTC 2023 - Priyanka Saggu +Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631) +* added patch: kube-apiserver-admission-plugin-policy.patch +* this new kube-apiserver component patch prevents ephemeral containers: + ** from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727) + ** from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728) + ------------------------------------------------------------------- Thu Apr 27 11:52:05 UTC 2023 - Priyanka Saggu diff --git a/kubernetes1.24.spec b/kubernetes1.24.spec index 901cacc..3fba735 100644 --- a/kubernetes1.24.spec +++ b/kubernetes1.24.spec @@ -73,6 +73,7 @@ for management and discovery. + # packages to build containerized control plane %package apiserver