ELSA-2020-5765
- ULN >
- Oracle Linux Errata repository >
- ELSA-2020-5765
ELSA-2020-5765 - Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2020-07-22 |
Description
kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]
[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]
[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]
[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023
kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026
kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026
kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026
kubernetes
[1.17.9-1.0.1.el7]
- Added Oracle specific build files for Kubernetes
istio
[1.4.10-1.0.1]
- CVE-2020-15104:
Incorrect validation of wildcard DNS Subject Alternative Names
[1.4.10-1.0.0]
- Added Oracle Specific Build Files for istio/istio
olcne
[1.1.2-6]
- Include kata-runtime in the default template
[1.1.2-5]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.1.2-4]
- Update arguments added for istio module.
[1.1.2-3]
- Ensure Istio sidecar injector uses valid executable
[1.1.2-2]
- Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026
[1.1.2-1]
- Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10
Related CVEs
| CVE-2020-11080 |
| CVE-2020-2024 |
| CVE-2020-2025 |
| CVE-2020-2026 |
| CVE-2020-8557 |
| CVE-2020-1764 |
| CVE-2020-8559 |
| CVE-2020-10739 |
| CVE-2020-15104 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (x86_64) | istio-1.4.10-1.0.1.el7.src.rpm | 0f0e70dda1b3def9e900e8bdee77f5dd | ELBA-2021-9240 |
| kata-1.7.3-1.0.7.el7.src.rpm | f2f27d48aff324e7fdc9682e66440e71 | ELBA-2021-9240 | |
| kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm | 19826a00ecf8ed689b59bb4e2f47a4fb | ELBA-2021-9240 | |
| kata-runtime-1.7.3-1.0.5.el7.src.rpm | 045284a6cc848ff586989da9b8df522d | ELBA-2021-9240 | |
| kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm | 29588eb84034a93fd5d2bd240bd0faa4 | ELSA-2021-9221 | |
| kubernetes-1.14.9-1.0.6.el7.src.rpm | 0bc81a8d2123e9dda393594126a0d417 | ELBA-2021-9240 | |
| kubernetes-1.17.9-1.0.1.el7.src.rpm | 953fae90f0c2a572592af23905593ff8 | ELBA-2021-9240 | |
| olcne-1.1.2-6.el7.src.rpm | dc234eca9ed44a227346fb96677c5352 | ELBA-2021-9240 | |
| istio-1.4.10-1.0.1.el7.x86_64.rpm | 336388a0af72c9a17902b77dd8c65e61 | ELBA-2021-9240 | |
| istio-citadel-1.4.10-1.0.1.el7.x86_64.rpm | 1f2e0a4e40f94806ade96178151abccf | ELSA-2020-5827 | |
| istio-galley-1.4.10-1.0.1.el7.x86_64.rpm | bda7d415abf44d9dd96b12bae04a1a60 | ELSA-2020-5827 | |
| istio-istioctl-1.4.10-1.0.1.el7.x86_64.rpm | b50180320d2fd1579c429f0ea1eea08f | ELBA-2021-9240 | |
| istio-mixc-1.4.10-1.0.1.el7.x86_64.rpm | 6b835427c785119d10c1876f580821df | ELSA-2020-5827 | |
| istio-mixs-1.4.10-1.0.1.el7.x86_64.rpm | cf5cbde750febcfca7b49f22a5d92702 | ELSA-2020-5827 | |
| istio-node-agent-1.4.10-1.0.1.el7.x86_64.rpm | 041f5d50cfb5a775da16c9e2fafd8381 | ELSA-2020-5827 | |
| istio-pilot-agent-1.4.10-1.0.1.el7.x86_64.rpm | cd42c6170b63dd9a350611469d3ea0b7 | ELSA-2020-5827 | |
| istio-pilot-discovery-1.4.10-1.0.1.el7.x86_64.rpm | 21aa8f67830937848047f37a39f2f56c | ELSA-2020-5827 | |
| istio-proxy-init-1.4.10-1.0.1.el7.x86_64.rpm | 504ab832a2260128a62027a1042d58f9 | ELSA-2020-5827 | |
| istio-sidecar-injector-1.4.10-1.0.1.el7.x86_64.rpm | 34536d79bbe1e148430174a23b7bba07 | ELSA-2020-5827 | |
| kata-1.7.3-1.0.7.el7.x86_64.rpm | 8d2e9d89840d199d8b7ecb8743b15263 | ELBA-2021-9240 | |
| kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpm | df1a5e7c5fee5c4ded6c16f9c34a747c | ELBA-2021-9240 | |
| kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm | 288acb968acbabe0eaac365f696dea99 | ELBA-2021-9240 | |
| kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpm | b4e840fe443d1fd491ddf0ad3a6e4837 | ELSA-2021-9221 | |
| kubeadm-1.14.9-1.0.6.el7.x86_64.rpm | 878d9174f6ee8242832941dde939b3f4 | ELBA-2021-9240 | |
| kubeadm-1.17.9-1.0.1.el7.x86_64.rpm | c09bddeb2bf7cbdeb152f7c9a8cfca97 | ELBA-2021-9240 | |
| kubectl-1.14.9-1.0.6.el7.x86_64.rpm | 870016e37fdd5580e811c63345bcfd08 | ELBA-2021-9240 | |
| kubectl-1.17.9-1.0.1.el7.x86_64.rpm | 928cc427b4dd0667832063075c5cffd6 | ELBA-2021-9240 | |
| kubelet-1.14.9-1.0.6.el7.x86_64.rpm | 74fdc5a1cd41fee47003c25c494956bd | ELBA-2021-9240 | |
| kubelet-1.17.9-1.0.1.el7.x86_64.rpm | 58c5b04fc9811d77e14bd6863f9b2582 | ELBA-2021-9240 | |
| olcne-agent-1.1.2-6.el7.x86_64.rpm | ba7f7c1839184f239c81f11d86c274bb | ELBA-2021-9240 | |
| olcne-api-server-1.1.2-6.el7.x86_64.rpm | 2d23d5f875aa1a9a0dd832ef69736fa8 | ELBA-2021-9240 | |
| olcne-istio-chart-1.1.2-6.el7.x86_64.rpm | 2cf5e868a8847d351cb01f804107a78c | ELBA-2021-9240 | |
| olcne-nginx-1.1.2-6.el7.x86_64.rpm | ed5d70319ee66686bd02b1ee0ee8a795 | ELBA-2021-9240 | |
| olcne-prometheus-chart-1.1.2-6.el7.x86_64.rpm | 194339a25653fd29e4eae9f0af234e7b | ELBA-2021-9240 | |
| olcne-utils-1.1.2-6.el7.x86_64.rpm | c039120bc9310f549934c79bdaed75d5 | ELBA-2021-9240 | |
| olcnectl-1.1.2-6.el7.x86_64.rpm | c003afd794c2e586cd9ad49208b1ea6d | ELBA-2021-9240 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
