El-errata: ELSA-2021-9397 Important: Oracle Linux Cloud Native Environment 1.2 olcne security update
Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9397
http://linux.oracle.com/errata/ELSA-2021-9397.html
The following updated rpms for Oracle Linux Cloud Native Environment 1.2 have been uploaded to the Unbreakable Linux Network:
x86_64:
olcne-agent-1.2.4-5.el7.x86_64.rpm
olcne-api-server-1.2.4-5.el7.x86_64.rpm
olcne-istio-chart-1.2.4-5.el7.x86_64.rpm
olcne-nginx-1.2.4-5.el7.x86_64.rpm
olcne-prometheus-chart-1.2.4-5.el7.x86_64.rpm
olcne-utils-1.2.4-5.el7.x86_64.rpm
olcnectl-1.2.4-5.el7.x86_64.rpm
istio-1.9.6-2.el7.x86_64.rpm
istio-istioctl-1.9.6-2.el7.x86_64.rpm
kubeadm-1.18.18-3.el7.x86_64.rpm
kubectl-1.18.18-3.el7.x86_64.rpm
kubelet-1.18.18-3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/olcne-1.2.4-5.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/istio-1.9.6-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-1.18.18-3.el7.src.rpm
container_images:
container-registry.oracle.com/olcne/kube-proxy:v1.18.18-1
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18-1
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18-1
container-registry.oracle.com/olcne/pilot:1.9.6
container-registry.oracle.com/olcne/proxyv2:1.9.6
Related CVEs:
CVE-2021-28683
CVE-2021-28682
CVE-2021-29258
CVE-2021-31920
CVE-2021-31921
CVE-2021-34824
Description of changes:
olcne
[1.2.4-5]
- Updated registry-image-helper.sh to work with olcne-utils
[1.2.4-4]
- Fix istio template for 1.9.6 for k8s update failure
[1.2.4-3]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
[1.2.4-2]
- Fix iptables issue when running on OL7 host using OL8 image
[1.2.4-1]
- Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
istio
[1.9.6-2]
- Fix iptables issue when running on OL7 host using OL8 image
- Added istio-mixs and istio-mixc to Obsoletes list
[1.9.6-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
kubernetes
[1.18.18-3]
- Fix iptables OL7 host kernel issue when running with OL8 image
[1.18.18-1]
- Address CVE-2021-27918
icontainer-registry.oracle.com/olcne/kube-proxy:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-apiserver:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-scheduler:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-controller-manager:v1.18.18-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/pilot:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/proxyv2:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
An Oracle Linux Cloud Native Environment 1.2 olcne security update has been released.
