
An olcne security update has been released for Oracle Linux Cloud Native Environment 1.2



El-errata: ELSA-2021-9267 Important: Oracle Linux Cloud Native Environment 1.2 olcne security update


Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9267

  http://linux.oracle.com/errata/ELSA-2021-9267.html

The following updated rpms for Oracle Linux Cloud Native Environment 1.2 have been uploaded to the Unbreakable Linux Network:

x86_64:
helm-3.3.4-2.el8.x86_64.rpm
coredns-1.7.0-1.el8.x86_64.rpm
cri-o-1.18.4-2.el8.x86_64.rpm
cri-tools-1.18.0-2.el8.x86_64.rpm
etcd-3.4.3-1.0.5.el8.x86_64.rpm
flannel-0.12.0-2.el8.x86_64.rpm
yq-3.4.0-2.el8.x86_64.rpm
conmon-2.0.20-4.el8.x86_64.rpm
conmon-2.0.21-4.el8.x86_64.rpm
kata-proxy-1.11.5-2.el8.x86_64.rpm
kata-shim-1.11.5-2.el8.x86_64.rpm
kata-runtime-1.11.5-2.el8.x86_64.rpm
kata-ksm-throttler-1.11.5-2.el8.x86_64.rpm
kata-image-1.11.5-2.2.ol8_202104281558.x86_64.rpm
kata-agent-1.11.5-2.el8.x86_64.rpm
kata-1.11.5-4.el8.x86_64.rpm
kubernetes-cni-plugins-0.8.7-2.el8.x86_64.rpm
kubernetes-cni-0.8.0-3.el8.x86_64.rpm
kubernetes-dashboard-2.0.3-2.el8.x86_64.rpm
kubeadm-1.18.18-2.el8.x86_64.rpm
kubectl-1.18.18-2.el8.x86_64.rpm
kubelet-1.18.18-2.el8.x86_64.rpm
istio-1.7.3-1.0.2.el8.x86_64.rpm
istio-istioctl-1.7.3-1.0.2.el8.x86_64.rpm
istio-mixc-1.7.3-1.0.2.el8.x86_64.rpm
istio-mixs-1.7.3-1.0.2.el8.x86_64.rpm
istio-pilot-agent-1.7.3-1.0.2.el8.x86_64.rpm
istio-pilot-discovery-1.7.3-1.0.2.el8.x86_64.rpm
olcne-agent-1.2.3-9.el8.x86_64.rpm
olcne-api-server-1.2.3-9.el8.x86_64.rpm
olcnectl-1.2.3-9.el8.x86_64.rpm
olcne-istio-chart-1.2.3-9.el8.x86_64.rpm
olcne-nginx-1.2.3-9.el8.x86_64.rpm
olcne-prometheus-chart-1.2.3-9.el8.x86_64.rpm
olcne-utils-1.2.3-9.el8.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/helm-3.3.4-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/coredns-1.7.0-1.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/cri-o-1.18.4-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/cri-tools-1.18.0-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/etcd-3.4.3-1.0.5.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/flannel-0.12.0-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/yq-3.4.0-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.0.20-4.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.0.21-4.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-proxy-1.11.5-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-shim-1.11.5-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-runtime-1.11.5-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-ksm-throttler-1.11.5-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-image-1.11.5-2.2.ol8_202104281558.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-agent-1.11.5-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kata-1.11.5-4.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-cni-plugins-0.8.7-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-cni-0.8.0-3.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-dashboard-2.0.3-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-1.18.18-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/istio-1.7.3-1.0.2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/olcne-1.2.3-9.el8.src.rpm

container_images:
container-registry.oracle.com/olcne/coredns:1.7.0
container-registry.oracle.com/olcne/etcd:3.4.3-3
container-registry.oracle.com/olcne/flannel:v0.12.0-1
container-registry.oracle.com/olcne/kubernetes-dashboard:v2.0.3-1
container-registry.oracle.com/olcne/kube-proxy:v1.18.18
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18
container-registry.oracle.com/olcne/externalip-webhook:v1.0.0-1
container-registry.oracle.com/olcne/prometheus:v2.20.0-1
container-registry.oracle.com/olcne/grafana:v6.7.4-3
container-registry.oracle.com/olcne/pilot:1.7.3-1
container-registry.oracle.com/olcne/proxyv2:1.7.3-1

Related CVEs:

CVE-2021-27918



Description of changes:

helm
[3.3.4-2]
- Address CVE-2021-27918

coredns
[1.7.0-1]
- Added Oracle specific build files

cri-o
[1.18.4-2]
- Fix for CVE-2021-27918

[1.18.4-1]
- Added Oracle Specific Files for cri-o

cri-tools
[1.18.0-2]
- Address CVE-2021-27918

etcd
[3.4.3-1.0.5]
- Address CVE-2021-27918

flannel
[0.12.0-2]
- Address CVE-2021-27918

[0.12.0-1]
- Release of flannel-0.12.0-1

yq
[3.4.0-2]
- Address CVE-2021-27918

conmon
[2.0.20-4]
- Address CVE-2021-27918

conmon
[3:2.0.21-4]
- Address CVE-2021-27918

kata-proxy
[1.11.5-2]
- Address CVE-2021-27918

kata-shim
[1.11.5-2]
- Address CVE-2021-27918

kata-runtime
[1.11.5-2]
- Address CVE-2021-27918

kata-ksm-throttler
[1.11.5-2]
- Address CVE-2021-27918

kata-image
[1.11.5-2]
- Address CVE-2021-27918

kata-agent
[1.11.5-2]
- Fix for CVE-2021-27918

kata
[1.11.5-4]
- Address CVE-2021-27918

[1.11.5-3]
- Support 1.19, 1.20 k8s

kubernetes-cni-plugins
[0.8.7-2]
- Removed BuildArch to support ARM builds

kubernetes-cni
[0.8.0-3]
- Address CVE-2021-27918

kubernetes-dashboard
[2.0.3-2]
- Address CVE-2021-27918

kubernetes
[1.18.18-1]
- Address CVE-2021-27918

istio
[1.7.3-1.0.2]
- Address CVE-2021-27918

[1.7.3-1.0.1]
- Run gateway pods as root user to work around binding failures on ports less than 1024

[1.7.3-1.0.0]
- Added Oracle Specific Build Files for istio/istio

olcne
[1.2.3-9]
- Updated version for istio-module grafana: v6.7.4-3 and prometheus: v2.20.0-1

[1.2.3-8]
- Revert istio version to 1.7.3-1 which has just golang CVE fixes

[1.2.3-7]
- Fix k8s update path
- Update el8 conmon pre-install

[1.2.3-6]
- Updated updatepath in kubernetes.yaml and image version in templates

[1.2.3-5]
- Added missing info for 1.18.18 in kubernetes.yaml and helm.yaml
- Updated image repository in templates

[1.2.3-4]
- Fix for the failure of kubernetes restore [Orabug: 32310718]

[1.2.3-3]
- Address Istio CVE-2021-28683, CVE-2021-28682 & CVE-2021-29258

[1.2.3-2]
- Fix bug where externalip CIDRs can't fully be disabled

[1.2.3-1]
- Bug Fix: Update istio module definition to pass instance name for release resource

container_images:
container-registry.oracle.com/olcne/coredns:1.7.0
- CVE-2021-27918

container-registry.oracle.com/olcne/etcd:3.4.3-3
- CVE-2021-27918

container-registry.oracle.com/olcne/flannel:v0.12.0-1
- CVE-2021-27918

container-registry.oracle.com/olcne/kubernetes-dashboard:v2.0.3-1
- CVE-2021-27918

container-registry.oracle.com/olcne/kube-proxy:v1.18.18
- CVE-2021-27918

container-registry.oracle.com/olcne/kube-apiserver:v1.18.18
- CVE-2021-27918

container-registry.oracle.com/olcne/kube-scheduler:v1.18.18
- CVE-2021-27918

container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18
- CVE-2021-27918

container-registry.oracle.com/olcne/externalip-webhook:v1.0.0-1
- CVE-2021-27918

container-registry.oracle.com/olcne/prometheus:v2.20.0-1
- CVE-2021-27918

container-registry.oracle.com/olcne/grafana:v6.7.4-3
- CVE-2021-27918

container-registry.oracle.com/olcne/pilot:1.7.3-1
- CVE-2021-27918

container-registry.oracle.com/olcne/proxyv2:1.7.3-1
- CVE-2021-27918