Oracle Linux 6277 Published by

An Oracle Linux Cloud Native Environment 1.3 olcne security update has been released.



El-errata: ELSA-2021-9398 Important: Oracle Linux Cloud Native Environment 1.3 olcne security update


Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9398

  http://linux.oracle.com/errata/ELSA-2021-9398.html

The following updated rpms for Oracle Linux Cloud Native Environment 1.3 have been uploaded to the Unbreakable Linux Network:

x86_64:
olcnectl-1.3.1-5.el8.x86_64.rpm
olcne-agent-1.3.1-5.el8.x86_64.rpm
olcne-api-server-1.3.1-5.el8.x86_64.rpm
olcne-utils-1.3.1-5.el8.x86_64.rpm
olcne-nginx-1.3.1-5.el8.x86_64.rpm
olcne-prometheus-chart-1.3.1-5.el8.x86_64.rpm
olcne-grafana-chart-1.3.1-5.el8.x86_64.rpm
olcne-istio-chart-1.3.1-5.el8.x86_64.rpm
olcne-olm-chart-1.3.1-5.el8.x86_64.rpm
kubeadm-1.20.6-2.el8.x86_64.rpm
kubelet-1.20.6-2.el8.x86_64.rpm
kubectl-1.20.6-2.el8.x86_64.rpm
kubeadm-1.19.8-3.el8.x86_64.rpm
kubelet-1.19.8-3.el8.x86_64.rpm
kubectl-1.19.8-3.el8.x86_64.rpm
istio-istioctl-1.9.6-2.el8.x86_64.rpm
istio-1.9.6-2.el8.x86_64.rpm
istio-istioctl-1.10.2-2.el8.x86_64.rpm
istio-1.10.2-2.el8.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/olcne-1.3.1-5.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-1.20.6-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/kubernetes-1.19.8-3.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/istio-1.9.6-2.el8.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/istio-1.10.2-2.el8.src.rpm

container_images:
container-registry.oracle.com/olcne/kube-proxy:v1.19.8-1
container-registry.oracle.com/olcne/kube-apiserver:v1.19.8-1
container-registry.oracle.com/olcne/kube-scheduler:v1.19.8-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.19.8-1
container-registry.oracle.com/olcne/kube-proxy:v1.20.6-1
container-registry.oracle.com/olcne/kube-apiserver:v1.20.6-1
container-registry.oracle.com/olcne/kube-scheduler:v1.20.6-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.20.6-1
container-registry.oracle.com/olcne/pilot:1.9.6
container-registry.oracle.com/olcne/proxyv2:1.9.6
container-registry.oracle.com/olcne/pilot:1.10.2
container-registry.oracle.com/olcne/proxyv2:1.10.2

Related CVEs:

CVE-2021-28683
CVE-2021-28682
CVE-2021-29258
CVE-2021-31920
CVE-2021-31921
CVE-2021-34824



Description of changes:

olcne
[1.3.1-5]
- Updated registry-image-helper.sh to work with olcne-utils

[1.3.1-4]
- Fix istio template for 1.9.6 and 1.10.2 for k8s update failure

[1.3.1-3]
- Added END_VERSION_BLOCK for OLM image

[1.3.1-2]
- Fix iptables issue when running on OL7 host using OL8 image for 1.19.8
- Fix iptables issue when running on OL7 host using OL8 image
- Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
- Fixed missing double semicolon in registry image helper

kubernetes
[1.20.6-2]
- Fix iptables OL7 host kernel issue when running with OL8 image

[1.20.6-1]
- Added Oracle specific build files for Kubernetes

kubernetes
[1.19.8-3]
- Fix iptables issue when running on OL7 host with OL8 image

istio
[1.9.6-2]
- Fix iptables issue when running on OL7 host using OL8 image
- Added istio-mixs and istio-mixc to Obsoletes list

[1.9.6-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824

istio
[1.10.2-2]
- Fix iptables problem when running on OL7 host using OL8 image

[1.10.2-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824

container-registry.oracle.com/olcne/kube-proxy:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-apiserver:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-scheduler:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-controller-manager:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-proxy:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-apiserver:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-scheduler:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/kube-controller-manager:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/pilot:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/proxyv2:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/pilot:1.10.2
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.

container-registry.oracle.com/olcne/proxyv2:1.10.2
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.