Oracle Linux 6277 Published by

An Oracle Linux Cloud Native Environment 1.2 olcne security update has been released.



El-errata: ELSA-2021-9396 Important: Oracle Linux Cloud Native Environment 1.2 olcne security update


Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9396

  http://linux.oracle.com/errata/ELSA-2021-9396.html

The following updated rpms for Oracle Linux Cloud Native Environment 1.2 have been uploaded to the Unbreakable Linux Network:

x86_64:
olcne-agent-1.2.4-5.el8.x86_64.rpm
olcne-api-server-1.2.4-5.el8.x86_64.rpm
olcnectl-1.2.4-5.el8.x86_64.rpm
olcne-istio-chart-1.2.4-5.el8.x86_64.rpm
olcne-nginx-1.2.4-5.el8.x86_64.rpm
olcne-prometheus-chart-1.2.4-5.el8.x86_64.rpm
olcne-utils-1.2.4-5.el8.x86_64.rpm
istio-1.9.6-2.el8.x86_64.rpm
istio-istioctl-1.9.6-2.el8.x86_64.rpm
istio-pilot-discovery-1.9.6-2.el8.x86_64.rpm
istio-pilot-agent-1.9.6-2.el8.x86_64.rpm
kubeadm-1.18.18-3.el8.x86_64.rpm
kubectl-1.18.18-3.el8.x86_64.rpm
kubelet-1.18.18-3.el8.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/olcne-1.2.4-5.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/istio-1.9.6-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-1.18.18-3.el8.src.rpm

container_images:
container-registry.oracle.com/olcne/kube-proxy:v1.18.18-1
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18-1
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18-1
container-registry.oracle.com/olcne/pilot:1.9.6
container-registry.oracle.com/olcne/proxyv2:1.9.6

Related CVEs:

CVE-2021-28683
CVE-2021-28682
CVE-2021-29258
CVE-2021-31920
CVE-2021-31921
CVE-2021-34824



Description of changes:

olcne
[1.2.4-5]
- Updated registry-image-helper.sh to work with olcne-utils

[1.2.4-4]
- Fix istio template for 1.9.6 for k8s update failure

[1.2.4-3]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.2.4-2]
- Fix iptables issue when running on OL7 host using OL8 image

[1.2.4-1]
- Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824

istio
[1.9.6-2]
- Fix iptables issue when running on OL7 host using OL8 image
- Added istio-mixs and istio-mixc to Obsoletes list

[1.9.6-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824

kubernetes
[1.18.18-3]
- Fix iptables OL7 host kernel issue when running with OL8 image

[1.18.18-1]
- Address CVE-2021-27918

container-registry.oracle.com/olcne/kube-proxy:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-apiserver:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-scheduler:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/pilot:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/proxyv2:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.