El-errata: ELSA-2021-9029 Important: Oracle Linux Cloud Native Environment 1.1 olcne security update
Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9029
http://linux.oracle.com/errata/ELSA-2021-9029.html
The following updated rpms for Oracle Linux Cloud Native Environment 1.1
have been uploaded to the Unbreakable Linux Network:
x86_64:
kata-runtime-1.7.3-1.0.7.el7.x86_64.rpm
kata-1.7.3-1.0.12.el7.x86_64.rpm
kubelet-1.17.9-1.0.6.el7.x86_64.rpm
kubeadm-1.17.9-1.0.6.el7.x86_64.rpm
kubectl-1.17.9-1.0.6.el7.x86_64.rpm
olcnectl-1.1.10-1.el7.x86_64.rpm
olcne-utils-1.1.10-1.el7.x86_64.rpm
olcne-nginx-1.1.10-1.el7.x86_64.rpm
olcne-api-server-1.1.10-1.el7.x86_64.rpm
olcne-agent-1.1.10-1.el7.x86_64.rpm
olcne-prometheus-chart-1.1.10-1.el7.x86_64.rpm
olcne-istio-chart-1.1.10-1.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kata-runtime-1.7.3-1.0.7.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-1.7.3-1.0.12.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-1.17.9-1.0.6.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/olcne-1.1.10-1.el7.src.rpm
container_images:
container-registry.oracle.com/olcne/externalip-webhook:v1.0.0
Description of changes:
kata-runtime
[1.7.3-1.0.7]
- Address CVE-2020-28914
kata
[1.7.3-1.0.12]
- UEKR6 guest kernel support
[1.7.3-1.0.11]
- Address CVE-2020-28914
kubernetes
[1.17.9-1.0.6]
- Kata CVE-2020-28914
olcne
[1.1.10-1]
- Address CVE-2020-28914: An improper file permissions vulnerability
affects Kata Containers prior to 1.11.5
[1.1.9-1]
- Enhance the Kubernetes module to restrict the usage of external IPs
- Address CVE-2020-8554: man-in-the-middle vulnerability using
Kubernetes service External IPs
container-registry.oracle.com/olcne/externalip-webhook:v1.0.0
- CVE-2020-28914
- CVE-2020-8554
A Oracle Linux Cloud Native Environment 1.1 olcne security update has been released.