El-errata: ELSA-2021-9268 Important: Oracle Linux Cloud Native Environment 1.2 olcne security update
Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9268
http://linux.oracle.com/errata/ELSA-2021-9268.html
The following updated rpms for Oracle Linux Cloud Native Environment 1.2 have been uploaded to the Unbreakable Linux Network:
x86_64:
coredns-1.7.0-1.el7.x86_64.rpm
cri-o-1.18.4-2.el7.x86_64.rpm
cri-tools-1.18.0-2.el7.x86_64.rpm
etcd-3.4.3-1.0.5.el7.x86_64.rpm
flannel-0.12.0-2.el7.x86_64.rpm
yq-3.4.0-2.el7.x86_64.rpm
conmon-2.0.20-4.el7.x86_64.rpm
conmon-2.0.21-4.el7.x86_64.rpm
helm-3.3.4-2.el7.x86_64.rpm
kata-proxy-1.11.5-2.el7.x86_64.rpm
kata-shim-1.11.5-2.el7.x86_64.rpm
kata-runtime-1.11.5-2.el7.x86_64.rpm
kata-ksm-throttler-1.11.5-2.el7.x86_64.rpm
kata-image-1.11.5-2.2.ol7_202104281557.x86_64.rpm
kata-agent-1.11.5-2.el7.x86_64.rpm
kata-1.11.5-4.el7.x86_64.rpm
kubernetes-cni-plugins-0.8.7-2.el7.x86_64.rpm
kubernetes-cni-0.8.0-3.el7.x86_64.rpm
kubernetes-dashboard-2.0.3-2.el7.x86_64.rpm
kubeadm-1.18.18-2.el7.x86_64.rpm
kubectl-1.18.18-2.el7.x86_64.rpm
kubelet-1.18.18-2.el7.x86_64.rpm
istio-1.7.3-1.0.2.el7.x86_64.rpm
istio-istioctl-1.7.3-1.0.2.el7.x86_64.rpm
olcne-agent-1.2.3-9.el7.x86_64.rpm
olcne-api-server-1.2.3-9.el7.x86_64.rpm
olcne-istio-chart-1.2.3-9.el7.x86_64.rpm
olcne-nginx-1.2.3-9.el7.x86_64.rpm
olcne-prometheus-chart-1.2.3-9.el7.x86_64.rpm
olcne-utils-1.2.3-9.el7.x86_64.rpm
olcnectl-1.2.3-9.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/coredns-1.7.0-1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/cri-o-1.18.4-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/cri-tools-1.18.0-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/etcd-3.4.3-1.0.5.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/flannel-0.12.0-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/yq-3.4.0-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/conmon-2.0.20-4.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/conmon-2.0.21-4.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/helm-3.3.4-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-proxy-1.11.5-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-shim-1.11.5-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-runtime-1.11.5-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-ksm-throttler-1.11.5-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-image-1.11.5-2.2.ol7_202104281557.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-agent-1.11.5-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kata-1.11.5-4.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-cni-plugins-0.8.7-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-cni-0.8.0-3.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-dashboard-2.0.3-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-1.18.18-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/istio-1.7.3-1.0.2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/olcne-1.2.3-9.el7.src.rpm
container_images:
container-registry.oracle.com/olcne/coredns:1.7.0
container-registry.oracle.com/olcne/etcd:3.4.3-3
container-registry.oracle.com/olcne/flannel:v0.12.0-1
container-registry.oracle.com/olcne/kubernetes-dashboard:v2.0.3-1
container-registry.oracle.com/olcne/kube-proxy:v1.18.18
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18
container-registry.oracle.com/olcne/externalip-webhook:v1.0.0-1
container-registry.oracle.com/olcne/prometheus:v2.20.0-1
container-registry.oracle.com/olcne/grafana:v6.7.4-3
container-registry.oracle.com/olcne/pilot:1.7.3-1
container-registry.oracle.com/olcne/proxyv2:1.7.3-1
Related CVEs:
CVE-2021-27918
Description of changes:
coredns
[1.7.0-1]
- Added Oracle specific build files
cri-o
[1.18.4-2]
- Fix for CVE-2021-27918
[1.18.4-1]
- Added Oracle Specifile Files for cri-o
cri-tools
[1.18.0-2]
- Address CVE-2021-27918
etcd
[3.4.3-1.0.5]
- Address CVE-2021-27918
flannel
[0.12.0-2]
- Address CVE-2021-27918
yq
[3.4.0-2]
- Address CVE-2021-27918
conmon
[2.0.20-4]
- Address CVE-2021-27918
conmon
[3:2.0.21-4]
- Address CVE-2021-27918
helm
[3.3.4-2]
- Address CVE-2021-27918
kata-proxy
[1.11.5-2]
- Address CVE-2021-27918
kata-shim
[1.11.5-2]
- Address CVE-2021-27918
kata-runtime
[1.11.5-2]
- Address CVE-2021-27918
kata-ksm-throttler
[1.11.5-2]
- Address CVE-2021-27918
kata-image
[1.11.5-2]
- Address CVE-2021-27918
kata-agent
[1.11.5-2]
- Fix for CVE-2021-27918
kata
[1.11.5-4]
- Address CVE-2021-27918
[1.11.5-3]
- Support 1.19, 1.20 k8s
kubernetes-cni-plugins
[0.8.7-2]
- Removed BuildArch to support ARM builds
kubernetes-cni
[0.8.0-3]
- Address CVE-2021-27918
kubernetes-dashboard
[2.0.3-2]
- Address CVE-2021-27918
kubernetes
[1.18.18-1]
- Address CVE-2021-27918
istio
[1.7.3-1.0.2]
- Address CVE-2021-27918
[1.7.3-1.0.1]
- Run gateway pods as root user to workaround ports lessthan 1024 binding failures
olcne
[1.2.3-9]
- Updated version for istio-module grafana: v6.7.4-3 and prometheus: v2.20.0-1
[1.2.3-8]
- Revert istio version to 1.7.3-1 which has just golang CVE fixes
[1.2.3-7]
- Fix k8s update path
- Update el8 conmon pre-install
[1.2.3-6]
- Updated updatepath in kubernetes.yaml and image version in templates
[1.2.3-5]
- Added missing info for 1.18.18 in kubernetes.yaml and helm.yaml
- Updated image repository in templates
[1.2.3-4]
- Fix for the failure of kubernetes restore [Orabug: 32310718]
[1.2.3-3]
- Address Istio CVE-2021-28683, CVE-2021-28682 & CVE-2021-29258
[1.2.3-2]
- fix bug where externalip cidr's can't fully be disabled
[1.2.3-1]
- Bug Fix: Update istio module definition to pass instance name for release resource
container-registry.oracle.com/olcne/coredns:1.7.0
- CVE-2021-27918
container-registry.oracle.com/olcne/etcd:3.4.3-3
- CVE-2021-27918
container-registry.oracle.com/olcne/flannel:v0.12.0-1
- CVE-2021-27918
container-registry.oracle.com/olcne/kubernetes-dashboard:v2.0.3-1
- CVE-2021-27918
container-registry.oracle.com/olcne/kube-proxy:v1.18.18
- CVE-2021-27918
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18
- CVE-2021-27918
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18
- CVE-2021-27918
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18
- CVE-2021-27918
container-registry.oracle.com/olcne/externalip-webhook:v1.0.0-1
- CVE-2021-27918
container-registry.oracle.com/olcne/prometheus:v2.20.0-1
- CVE-2021-27918
container-registry.oracle.com/olcne/grafana:v6.7.4-3
- CVE-2021-27918
container-registry.oracle.com/olcne/pilot:1.7.3-1
- CVE-2021-27918
container-registry.oracle.com/olcne/proxyv2:1.7.3-1
- CVE-2021-27918
An olcne security update has been released for Oracle Linux Cloud Native Environment 1.2.