El-errata: ELSA-2021-9399 Important: Oracle Linux Cloud Native Environment 1.3 olcne security update
Oracle Linux Cloud Native Environment Security Advisory ELSA-2021-9399
http://linux.oracle.com/errata/ELSA-2021-9399.html
The following updated rpms for Oracle Linux Cloud Native Environment 1.3 have been uploaded to the Unbreakable Linux Network:
x86_64:
olcnectl-1.3.1-5.el7.x86_64.rpm
olcne-agent-1.3.1-5.el7.x86_64.rpm
olcne-api-server-1.3.1-5.el7.x86_64.rpm
olcne-utils-1.3.1-5.el7.x86_64.rpm
olcne-nginx-1.3.1-5.el7.x86_64.rpm
olcne-prometheus-chart-1.3.1-5.el7.x86_64.rpm
olcne-grafana-chart-1.3.1-5.el7.x86_64.rpm
olcne-istio-chart-1.3.1-5.el7.x86_64.rpm
olcne-olm-chart-1.3.1-5.el7.x86_64.rpm
kubeadm-1.20.6-2.el7.x86_64.rpm
kubelet-1.20.6-2.el7.x86_64.rpm
kubectl-1.20.6-2.el7.x86_64.rpm
kubeadm-1.19.8-3.el7.x86_64.rpm
kubelet-1.19.8-3.el7.x86_64.rpm
kubectl-1.19.8-3.el7.x86_64.rpm
istio-1.9.6-2.el7.x86_64.rpm
istio-istioctl-1.9.6-2.el7.x86_64.rpm
istio-1.10.2-2.el7.x86_64.rpm
istio-istioctl-1.10.2-2.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/olcne-1.3.1-5.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-1.20.6-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/kubernetes-1.19.8-3.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/istio-1.9.6-2.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/istio-1.10.2-2.el7.src.rpm
container_images:
container-registry.oracle.com/olcne/kube-proxy:v1.19.8-1
container-registry.oracle.com/olcne/kube-apiserver:v1.19.8-1
container-registry.oracle.com/olcne/kube-scheduler:v1.19.8-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.19.8-1
container-registry.oracle.com/olcne/kube-proxy:v1.20.6-1
container-registry.oracle.com/olcne/kube-apiserver:v1.20.6-1
container-registry.oracle.com/olcne/kube-scheduler:v1.20.6-1
container-registry.oracle.com/olcne/kube-controller-manager:v1.20.6-1
container-registry.oracle.com/olcne/pilot:1.9.6
container-registry.oracle.com/olcne/proxyv2:1.9.6
container-registry.oracle.com/olcne/pilot:1.10.2
container-registry.oracle.com/olcne/proxyv2:1.10.2
Related CVEs:
CVE-2021-28683
CVE-2021-28682
CVE-2021-29258
CVE-2021-31920
CVE-2021-31921
CVE-2021-34824
Description of changes:
olcne
[1.3.1-5]
- Updated registry-image-helper.sh to work with olcne-utils
[1.3.1-4]
- Fix istio template for 1.9.6 and 1.10.2 for k8s update failure
[1.3.1-3]
- Added END_VERSION_BLOCK for OLM image
[1.3.1-2]
- Fix iptables issue when running on OL7 host using OL8 image for 1.19.8
- Fix iptables issue when running on OL7 host using OL8 image
- Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
- Fixed missing double semicolon in registry image helper
kubernetes
[1.20.6-2]
- Fix iptables OL7 host kernel issue when running with OL8 image
[1.20.6-1]
- Added Oracle specific build files for Kubernetes
kubernetes
[1.19.8-3]
- Fix iptables issue when running on OL7 host with OL8 image
istio
[1.9.6-2]
- Fix iptables issue when running on OL7 host using OL8 image
- Added istio-mixs and istio-mixc to Obsoletes list
[1.9.6-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
istio
[1.10.2-2]
- Fix iptables problem when running on OL7 host using OL8 image
[1.10.2-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
container-registry.oracle.com/olcne/kube-proxy:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-apiserver:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-scheduler:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-controller-manager:v1.19.8-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-proxy:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-apiserver:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-scheduler:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/kube-controller-manager:v1.20.6-1
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/pilot:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/proxyv2:1.9.6
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/pilot:1.10.2
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
container-registry.oracle.com/olcne/proxyv2:1.10.2
- CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
- Removal of enable masquerading dependency for running OLCNE on Oracle Linux 7 hosts.
An Oracle Linux Cloud Native Environment 1.3 olcne security update has been released.
