ELSA-2019-4546

ELSA-2019-4546 - kubernetes security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2019-02-14

Description


kubernetes
[1.9.11-2.2.1]
- CVE-2019-6486

[1.9.11-2.1.1]
- Fix kubeadm-registry.sh
- Use golang 1.9.3
- [CVE-2018-1002105] Handle error responses from backends
- Bump to v1.9.11

[1.9.1-2.1.7]
- [Orabug 27803001]

[1.9.1-2.1.5]
- Production built 1.9.1-2.1.5
- Fix the upgrade version check
- Remove w/a from [Orabug 27125915]

[1.9.1-2.1.4.dev]
- Make sure worker node upgrades properly
- [Orabug 27649898]

[1.9.1-2.1.3.dev]
- Ensure that the runtime mounts RO volumes read-only [CVE-2017-1002102]
- Update Dashboard version to v1.8.3 [CVE-2017-1002102]
- Fix nested volume mounts for read-only API data volumes [CVE-2017-1002102]
- Fixed kubeadm-setup.sh and kubeadm-registry.sh
- Add feature gate for subpath [CVE-2017-1002101]
- Add subpath e2e tests [CVE-2017-1002101]
- Lock subPath volumes [CVE-2017-1002101]

[1.9.1-2.0.2]
- Add Major and Minor version
- Production built 1.9.1-2.0.2

[1.9.1-2.0.1]
- Production built 1.9.1-2.0.1

[1.9.1-1.0.8.dev]
- Properly take care of KUBE_REPO_PREFIX for worker upgrade
- In restart case, take care of no image case

[1.9.1-1.0.7.dev]
- Fix apiserver-cert-extra-sans
- [Orabug 27531451]

[1.9.1-1.0.6.dev]
- Also need to fix the repo location

[1.9.1-1.0.5.dev]
- [Orabug 27481302]

[1.9.1-1.0.4.dev]
- In the restart check image could be empty

[1.9.1-1.0.3.dev]
- [Orabug 27486461]

[1.9.1-1.0.2.dev]
- Occasionally pod-infra-container-image doesn't get propagated

[1.9.1-1.0.1.dev]
- Fix kubeadm-setup.sh for v1.9.1
- Fix kubeadm-registry.sh for v1.9.1
- Upstream modifications for Oracle
- Update to v1.9.1

[1.8.4-2.0.1]
- If KUBE_REPO_PREFIX is not set then initialized to default registry
- Built production 1.8.4-2.0.1

[1.8.4-1.2.3.dev]
- [Orabug 27256199]

[1.8.4-1.2.2.dev]
- Remove -beta.0 string from the pkg
- Check and create /var/run/kubeadm early and once

[1.8.4-1.2.1.dev]
- Fix kubeadm-registry.sh default to 1.8.4
- [Orabug 27248937]

[1.8.4-1.2.0.dev]
- Update to v1.8.4
- Upstream code changes
- Support upgrade from a lower version of 1.8 to a higher one
- KUBE_GIT_TREE_STATE='git archive' breaks build
- Modify KUBE_GIT_VERSION in kubernetes.spec
- Take care of kubeadm-setup.sh to allow swap for now

[1.8.1-2.0.1]
- Built production 1.8.1-2.0.1

[1.8.1-1.1.9]
- Change kubeadm to require kubelet and kubectl
- Fix kubeadm command line failure

[1.8.1-1.1.8.rc2]
- Remove --skip flag on upgrade path
- [Orabug 27125915]
- Enabling kubectl-proxy.service for dashboard
- Include service-cluster-ip-range in the NO_PROXY for upgrade

[1.8.1-1.1.7.rc1]
- Improve on OCR registry mirror optimization
- Fix upgrade to allow 1.7 or 1.8 kubelet/kubectl

[1.8.1-1.1.6.dev]
- Fix upgrade check of apiserver image version
- OCI REGISTRY optimization
- Modify flannel ip on the /tmp file instead of the original
- Include api advertise-address in NO_PROXY during upgrade
- Make the token expire in 24 hr in the upgrade case
- Add kubeadm-registry.sh

[1.8.1-1.1.5.dev]
- Start kubectl-proxy.service automatically for dashboard
- Fix unbound variable for check
- Upgrade restore and flannel upgrade capability
- Include version info in backup and restore
- Take care of kubeadm init and join parameters checking

[1.8.1-1.1.4.dev]
- Optimize dashboard creation
- Fixup upgrade
- Fixup upgrade 2.0
- Cleanup /var/lib/cni as stale ip files could create network issues
- Only display WARNING for [kubeadm]

[1.8.1-1.0.4.dev]
- Re-enable kubernetes-dashboard
- Upgrade modifications
- Make dashboard into a function
- Optimize dashboard creation
- Fixup upgrade
- Fixup upgrade 2.0

[1.8.1-1.0.3.dev]
- Add discovery-token-ca-cert-has to kubeadm::join
- Additional things to cleanup in kubeadm::down
- Fix kubelet failure for 1.8
- Don't reload firewall rule in --skip case for consistency

[1.8.1-1.0.2.dev]
- Implement upgrade capability
- Bringing back KUBE_REPO_PREFIX
- WORKAROUND FOR LACK OF OCR

[1.8.1-1.0.1.dev]
- Update to v1.8.1
- kubeadm doesn't require kubelet and kubectl anymore
- optimize firewalld checking
- move repo check to its own function + OCI repo check
- --fail-swap-on=false on kubelet for backwards compatibility

[1.7.4-2.0.7.dev]
- [Orabug 26926112]
- Put 100% completed message

[1.7.4-2.0.6.dev]
- --skip-preflight-checks doesn't check kubelet status
- TRAP cleanup background processes

[1.7.4-2.0.5.dev]
- [Orabug 26866772]
- Include rough % completed for kubeadm-setup.sh up
- Extend the usage of kubeadm-setup up

[1.7.4-2.0.4.dev]
- Check if /sbin is in the PATH
- Implement init command so that more 'kubeadm init' options can be used
- Implement a spinning progress bar in case downloading takes a while

[1.7.4-2.0.1]
- Update to v1.7.4
- [Orabug 26677088] kube-dns failure with iptables services

[1.6.4-2.0.1]
- Update to v1.6.4
- Include kubeadm-setup.sh for ease of provisioning via kubeadm with Oracle Linux

kubernetes-cni
[0.6.0-2.1.1]
- CVE-2019-6486

[0.6.0-2.0.1]
- Production built 0.6.0-2.0.1

[0.6.0-1.0.1]
- Update to v0.6.0

[0.5.2-2.0.1]
- Update to v0.5.2

kubernetes-cni-plugins
[0.6.0-2.1.1]
- CVE-2019-6486

[0.6.0-2.0.1]
- Production built 0.6.0-2.0.1

[0.6.0-1.0.1.dev]
- Update to v0.6.0


Related CVEs


CVE-2019-6486

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (x86_64) | kubernetes-1.9.11-2.2.1.el7.src.rpm | df4fca5fa8bcdbc34a0443ede5365426 | ELBA-2021-9240 |
| | kubernetes-cni-0.6.0-2.1.1.el7.src.rpm | 74e1aa2df620f1682e89fd9614fbe3b3 | ELBA-2021-9240 |
| | kubernetes-cni-plugins-0.6.0-2.1.1.el7.src.rpm | ebf1750193392cd3eb51b758f7169e7d | ELBA-2021-9240 |
| | kubeadm-1.9.11-2.2.1.el7.x86_64.rpm | 4cf457a1a8d0244e75344d8fe81d2c55 | ELBA-2021-9240 |
| | kubectl-1.9.11-2.2.1.el7.x86_64.rpm | 7b987aabcb8d25ab57f25c589466f34c | ELBA-2021-9240 |
| | kubelet-1.9.11-2.2.1.el7.x86_64.rpm | f6ebb5f5e1b22a4df46d81f77a567511 | ELBA-2021-9240 |
| | kubernetes-cni-0.6.0-2.1.1.el7.x86_64.rpm | be7aee635b7934ad06612cd849c52c85 | ELBA-2021-9240 |
| | kubernetes-cni-plugins-0.6.0-2.1.1.el7.x86_64.rpm | 71fe6aec011b38107356805a7747649c | ELBA-2021-9240 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.