ELBA-2020-5955
- ULN >
- Oracle Linux Errata repository >
- ELBA-2020-5955
ELBA-2020-5955 - conmon bug fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2020-11-26 |
Description
conmon
[2.0.20-3]
- Add symlink for conmon under bin dir to satisfy latest podman
[2.0.20-2]
- Update for building OL8 RPMs.
[2.0.20-1]
- Added build scripts
conmon
[3:2.0.21-3]
- Define a epoch
[2.0.21-3]
- Provides symlink for /usr/bin/conmon
[2.0.21-2]
- Update for building OL8 RPMs.
[2.0.21-1]
- Added build scripts
coredns
[1.6.7-1.0.1]
- Added Oracle specific build files
cri-o
[1.18.3-4]
- Use conmon with epoch for OLCNE
[1.18.3-3]
- Update conmon to 2.0.21-3
[1.18.3-2]
- Pinned down the 2.0.21-1.el7 to avaid the conflict with 2.0.15-1.0.1.el7_8 (ol7_developer)
[1.18.3-1]
- Added Oracle Specifile Files for cri-o
cri-tools
[1.18.0-1]
- Added Oracle Specific Build Files for cri-tools
etcd
[3.4.3-1.0.4]
- bump version to support the release of ol8 image
[3.4.3-1.0.3]
- support building on ol8
[3.4.3-1.0.2]
- Address CVE-2020-16845
[3.4.3-1.0.1]
- Added Oracle specific build files
flannel
[0.10.0-2.1.12]
- Address CVE-2020-16845
[0.10.0-2.1.11]
- Resize flannel image
[0.10.0-2.1.10]
- Fix image location
[0.10.0-2.1.9]
flannel
[0.11.0-4]
- add ol8 support
[0.11.0-3]
- Added THIRD_PARTY_LICENSES.txt
[0.11.0-2]
- CVE-2019-16276 fix (bumpup golang to 1.12.10)
[0.11.0-1]
- Release of flannel-0.11.0-1
flannel
[0.12.0-1]
- Release of flannel-0.12.0-1
grafana
[6.7.4-1.0.4]
- bump version to support the release of ol8 image
[6.7.4-1.0.3]
- Add OL8 Build Template
[6.7.4-1.0.2]
- Address CVE-2020-16845
[6.7.4-1.0.1]
- Added Oracle Specific Build Files for grafana
helm
[3.3.4-1]
- Added Oracle Specific build Files
istio
istio
istio
kata
[1.11.3-4]
- Use kernel-uek-container-5.4.17-2036.100.6.1
[1.11.3-3]
- Bump OL8 qemu-kvm-min
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Update to kata 1.11.3
kata-agent
[1.11.3-3]
- Fix kata-image build
[1.11.3-2]
- Added OL8 build changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-agent
kata-image
[1.11.3-3]
- Fix kata-image build
[1.11.3-2]
- Added OL8 build changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-image
kata-ksm-throttler
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-ksm-throttler
kata-proxy
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-proxy
kata-runtime
[1.11.3-3]
- DEFAULT_QEMU for OL8
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Files For kata-runtime
kata-shim
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-shim
kernel-uek-container
[5.4.17-2036.100.6.1.el7]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:
32040802] {CVE-2020-8694} {CVE-2020-8695}
[5.4.17-2036.100.6.el7]
- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152}
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339]
- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]
[5.4.17-2036.100.5.el7]
- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114]
- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}
- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688]
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}
- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181]
- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433]
- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}
- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051]
- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051]
- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051]
- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051]
- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: Convert pr_
- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051]
- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051]
- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051]
- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051]
- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051]
- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051]
- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051]
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051]
- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051]
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051]
- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051]
- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051]
- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051]
- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051]
- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051]
- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051]
- bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051]
- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051]
- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051]
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051]
- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051]
- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051]
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969]
- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596]
- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906]
- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906]
- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906]
- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906]
- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023]
- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023]
- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023]
- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}
[5.4.17-2036.100.4.el7]
- xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888]
- xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104]
- perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610]
- xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211}
- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140]
- uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770]
- bnxt: correct warning: unused variable: 'rc' (John Donnelly) [Orabug: 31907548]
- i40e: Correct warning: 'aq_ret' may be used uninitialized, (John Donnelly) [Orabug: 31907631]
- uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852]
- uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852]
- uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879]
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526]
- scsi: page warning: 'page' may be used uninitialized. (John Donnelly) [Orabug: 31920671]
- x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884]
- oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368]
kubernetes
[1.18.10-2]
- Patch Corefile correctly during coreDNS upgrade from older version
[1.18.10-1]
- Added Oracle specific build files for Kubernetes
kubernetes-cni
[0.8.0-2]
- Changes to support OL8 builds
[0.8.0-1]
- Added Oracle specific build files for Kubernetes CNI
kubernetes-cni-plugins
[0.8.7-1]
- Added Oracle specific build files for Kubernetes CNI Plugins
kubernetes-dashboard
[2.0.3-1]
- Added Oracle Specific Build Files for kubernetes-dashboard
olcne-selinux
olcne
[1.2.0-3]
- Fix keepalived version pin down issue
[1.2.0-2]
- Fix an issue where removing nodes from a Kubernetes cluster would improperly edit the crio.conf file on the remaining nodes
[1.2.0-1]
- Add support for Oracle Linux 8
- Include Kubernetes 1.18.10
- Include Helm 3.3.4
- Include Istio 1.7.3
- Add support for SELinux enforcing mode
- Enable configuration of TLS parameters for Kubernetes and OLCNE Platform components
- Allow Kubernetes worker nodes to be deployed behind NAT
- Enable using FIPS-compliant OpenSSL cryptography when running in FIPS mode on Oracle Linux 8
[1.1.8-1]
- Pindown podman version to 1.4.4
[1.1.7-1]
- Add mixed UEK5/UEK6 kernel support
[1.1.6-1]
- support upgrading nginx
- Adress CVE-2019-9511
- Adress CVE-2018-16845
- Adress CVE-2017-7529
- support upgrading flannel
[1.1.5-4]
- make container-registry updatable
[1.1.5-2]
- kubernetes pod subnet flag not honored in flannel configuration
[1.1.5-1]
- Address CVE-2020-16845
[1.1.4-1]
- Bump kubernetes RPM due to CVE-2019-20908
[1.1.3-1]
- Fix upstream kubeadm reset regression
[1.1.2-5]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.1.2-4]
- Update arguments added for istio module.
[1.1.2-1]
- Update Kubernetes package requirements to ensure that Kata is deployed with fixes for CVE-2020-2023 thru CVE-2020-2026
[1.1.1-5]
- Add mixed UEK5/UEK6 kernel support
[1.1.1-4]
- Allow selinux tunable (default is permissive)
[1.1.1-1]
- Update Istio to use Grafana 6.7.4 to address CVE-2020-13379
- Kubernetes update due to CVE-2020-10749 and CVE-2020-8555
[1.1.0-22]
- Add support for multi-nic
[1.1.0-21]
- Include kata-runtime in the default template
[1.1.0-20]
- Preserve the order of master-nodes if update user input contains them
- Combine duplicate IPs during modules create/update
[1.1.0-19]
- Fix --help command for module create/update
- Requires firewalld on olcne-agent
[1.1.0-18]
- Ensure that olcne-nginx dependency is always set to the current version
[1.1.0-15]
- Fix bug with wrong nginx rpm version
[1.1.0-14]
- Fix bug with K8s 1.17 scaling when the upload cert api is expired
[1.1.0-13]
- Enforce all firewall ports be queried from the public zone
[1.1.0-12]
- support deprecating versions from the choices for update
[1.1.0-10]
- Support image migration for 1.14.8, 1.14.9, 1.15.11, 1.16.8, 1.17.4
[1.1.0-9]
- Add support for Helm 3.1.1
- Included several bug fixes for recovery scenarios surrounding updating Kubernetes clusters
[1.1.0-5]
- Add support for Kubernetes 1.17
- Add support for Istio 1.4.6
- Existing Kubernetes clusters can now be scaled up and down
[1.0.1-5]
- Enhance agent state detection, specifically for the restore
[1.0.1-4]
- Remove olcne package from build
[1.0.1-1]
- Added support for updating Kubernetes clusters
yq
[3.4.0-1]
- Added Oracle specific build files
container-selinux
[2:2.119.2-1.911c772]
- fix #1811759
[2:2.119.1-2.c57a6f9]
- update to 2.119.1 RHEL7 branch
- Related: RHELPLAN-26239
[2:2.107-3]
- use 2.107 in RHEL7u7
- add build.sh script
[2:2.107-2]
- Resolves: #1626215
[2:2.107-1]
- bump to v2.107
[2:2.99-1]
- built commit b13d03b
[2:2.95-2]
- rebase
[2:2.84-2]
- rebase
[2.77-1]
- backported fixes from upstream
[2.76-1]
- Allow containers to use fuse file systems by default
- Allow containers to sendto dgram socket of container runtimes
- Needed to run container runtimes in notify socket unit files.
[2.74-1]
- Allow containers to setexec themselves
[2:2.73-3]
- tweak macro for fedora - applies to rhel8 as well
[2:2.73-2]
- moved changelog entries:
- Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
- Allow container_runtimes to setattr on callers fifo_files
- Fix restorecon to not error on missing directory
[2.69-3]
- Make sure we pull in the latest selinux-policy
[2.69-2]
- Add map support to container-selinux for RHEL 7.5
- Dontudit attempts to write to kernel_sysctl_t
[2.68-1]
- Add label for /var/lib/origin
- Add customizable_file_t to customizable_types
[2.67-1]
- Add policy for container_logreader_t
[2.66-1]
- Allow dnsmasq to dbus chat with spc_t
[2.64-1]
- Allow containers to create all socket classes
[2.62-1]
- Label overlay directories under /var/lib/containers/ correctly
[2.61-1]
- Allow spc_t to load kernel modules from inside of container
[2.60-1]
- Allow containers to list cgroup directories
- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
[2.58-2]
- Run restorecon /usr/bin/podman in postinstall
[2.58-1]
- Add labels to allow podman to be run from a systemd unit file
[2.57-1]
- Set the version of SELinux policy required to the latest to fix build issues.
[2.56-1]
- Allow container_runtime_t to transition to spc_t over unlabeled files
[2.55-1]
Allow iptables to read container state
Dontaudit attempts from containers to write to /proc/self
Allow spc_t to change attributes on container_runtime_t fifo files
[2.52-1]
- Add better support for writing custom selinux policy for customer container domains.
[2.51-1]
- Allow shell_exec_t as a container_runtime_t entrypoint
[2.50-1]
- Allow bin_t as a container_runtime_t entrypoint
[2.49-1]
- Add support for MLS running container runtimes
- Add missing allow rules for running systemd in a container
[2.48-1]
- Update policy to match master branch
- Remove typebounds and replace with nnp_transition and nosuid_transition calls
[2.41-1]
- Add support to nnp_transition for container domains
- Eliminates need for typebounds.
[2.40-1]
- Allow container_runtime_t to use user ttys
- Fixes bounds check for container_t
[2.39-1]
- Allow container runtimes to use interited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.
[2.38-1]
- Allow container runtimes to mmap container_file_t devices
- Add labeling for rhel push plugin
[2.37-1]
- Allow containers to use inherited ttys
- Allow ostree to handle labels under /var/lib/containers/ostree
[2.36-1]
- Allow containers to relabelto/from all file types to container_file_t
[2.35-1]
- Allow container to map chr_files labeled container_file_t
[2.34-1]
- Dontaudit container processes getattr on kernel file systems
[2.33-1]
- Allow containers to read /etc/resolv.conf and /etc/hosts if volume
- mounted into container.
[2.32-1]
- Make sure users creating content in /var/lib with right labels
[2.31-1]
- Allow the container runtime to dbus chat with dnsmasq
- add dontaudit rules for container trying to write to /proc
[2.29-1]
- Add support for lxcd
- Add support for labeling of tmpfs storage created within a container.
[2.28-1]
- Allow a container to umount a container_file_t filesystem
[2.27-1]
- Allow container runtimes to work with the netfilter sockets
- Allow container_file_t to be an entrypoint for VM's
- Allow spc_t domains to transition to svirt_t
[2.24-1]
- Make sure container_runtime_t has all access of container_t
[2.23-1]
- Allow container runtimes to create sockets in tmp dirs
[2.22-1]
- Add additonal support for crio labeling.
[2.21-3]
- Fixup spec file conditionals
[2:2.21-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[2.21-1]
- Allow containers to execmod on container_share_t files.
[2.20-2]
- Relabel runc and crio executables
[2.20-1]
- Allow container processes to getsession
[2:2.19-2.1]
- update release tag to isolate from 7.3
[2:2.19-1]
- Fix mcs transition problem on stdin/stdout/stderr
- Add labels for CRI-O
- Allow containers to use tunnel sockets
[2:2.15-1.1]
- Resolves: #1451289
- rebase to v2.15
- built @origin/RHEL-1.12 commit 583ca40
[2:2.10-2.1]
- Make sure we have a late enough version of policycoreutils
[2:2.10-1]
- Update to the latest container-selinux patch from upstream
- Label files under /usr/libexec/lxc as container_runtime_exec_t
- Give container_t access to XFRM sockets
- Allow spc_t to dbus chat with init system
- Allow containers to read cgroup configuration mounted into a container
[2:2.9-4]
- Resolves: #1425574
- built commit 79a6d70
[2:2.9-3]
- Resolves: #1420591
- built @origin/RHEL-1.12 commit 8f876c4
[2:2.9-2]
- built @origin/RHEL-1.12 commit 33cb78b
[2:2.8-2]
-
[2:2.7-1]
- built origin/RHEL-1.12 commit 21dd37b
[2:2.4-2]
- correct version-release in changelog entries
[2:2.4-1]
- Add typebounds statement for container_t from container_runtime_t
- We should only label runc not runc*
[2:2.3-1]
- Fix labeling on /usr/bin/runc.*
- Add sandbox_net_domain access to container.te
- Remove containers ability to look at /etc content
[2:2.2-4]
- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7
[2:2.2-3]
- properly disable docker module in %post
[2:2.2-2]
- depend on selinux-policy-targeted
- relabel docker-latest* files as well
[2:2.2-1]
- bump to v2.2
- additional labeling for ocid
[2:2.0-2]
- install policy at level 200
- From: Dan Walsh
[2:2.0-1]
- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a
standalone package)
- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel
[2:1.12.4-29]
- new package (separated from docker)
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_aarch64_developer |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_aarch64_olcne13 | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_aarch64_olcne14 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_aarch64_developer | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_aarch64_olcne13 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_aarch64_olcne14 | |
| Oracle Linux 7 (x86_64) | conmon-2.0.20-3.el7.src.rpm | 732e30acaf373e7b1c8845e11ccf3af7d3691531f186a5052c58b3b82a315c8d | ELSA-2024-12189 | ol7_x86_64_olcne12 |
| conmon-2.0.21-3.el7.src.rpm | 6d8e747ad0458546a01b22c0f0eda354774803e60cdd415ce14991e74d87dd64 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_x86_64_developer | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_x86_64_olcne12 | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_x86_64_olcne13 | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_x86_64_olcne14 | |
| container-selinux-2.119.2-1.911c772.el7_8.src.rpm | 04bfd4e6cc0ad8322fa3a3e6023a0a08106b59a3045ec8f53b474d8029b2de4b | ELBA-2023-0115 | ol7_x86_64_olcne15 | |
| coredns-1.6.7-1.0.1.el7.src.rpm | 1320bb9618e9dd4b6313b8c8a602df5e3cb4c80508952b78256f640525dd8146 | ELBA-2022-9349 | ol7_x86_64_olcne12 | |
| cri-o-1.18.3-4.el7.src.rpm | c1021e4bc06807137ea71665eb5a7ae1030a44662d15e5e09dac388d70119f0f | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| cri-tools-1.18.0-1.el7.src.rpm | 3f5b4490325236457bf39e261d67e4f9624b933963a4ce4b94287ec725d2d638 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| etcd-3.4.3-1.0.4.el7.src.rpm | 790672ab410497d66299328bc6ef802dc4a3def695dab9dc274fd9765eaa0ef6 | ELBA-2024-12346 | ol7_x86_64_olcne12 | |
| flannel-0.10.0-2.1.12.el7.src.rpm | c67c8170f5453131039985c0eb79d78007fac25d1b7bab223a580d1e478c57b4 | ELSA-2021-9268 | ol7_x86_64_olcne | |
| flannel-0.10.0-2.1.12.el7.src.rpm | c67c8170f5453131039985c0eb79d78007fac25d1b7bab223a580d1e478c57b4 | ELSA-2021-9268 | ol7_x86_64_olcne11 | |
| flannel-0.10.0-2.1.12.el7.src.rpm | c67c8170f5453131039985c0eb79d78007fac25d1b7bab223a580d1e478c57b4 | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| flannel-0.11.0-4.el7.src.rpm | 333c796fc26a0471d548ee9602655daa8a4da6f3af7b50ff17a04a01e3a41da7 | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| flannel-0.12.0-1.el7.src.rpm | 3f6c57a8f006824b8e83911cf6925d1215255f22196968f3a8e567ee40fe93b8 | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| grafana-6.7.4-1.0.4.el7.src.rpm | c09d64e6f0a7ce4b7eadc0493d78e02b1f776772582f8513282eac843888a675 | - | ol7_x86_64_olcne12 | |
| helm-3.3.4-1.el7.src.rpm | f47d33948c4fab22838ad553e34c7bece447a33580b71a4f6b0e6bbf37b9af7e | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| istio-1.5.10-1.0.0.el7.src.rpm | 27d6b73dd32cd039ab0a9a652037f7bb5bac82107194169e75c6fa92973c8a18 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-1.6.12-1.0.0.el7.src.rpm | c9c282797882bde9f664638748ec68c36cbd8782e6110b1bd299c5551d9867a3 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-1.7.3-1.0.0.el7.src.rpm | b42bddbb371bdf932e8189b45c10b89ae05823b2e21843d3d14e6a2bbe173ff5 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kata-1.11.3-4.el7.src.rpm | 5f69b999afa97ca3b631881bfc0374e797c63ae8510cdc621748acbfd4e8b3ed | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-agent-1.11.3-3.el7.src.rpm | 8d149eb0c2da85d46de109e092c11d0b03dddc8d49f8c727cf117cf5a6bf1a5e | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-image-1.11.3-3.3.ol7_202011040027.src.rpm | 73088d5115e0a405803b8a3d60426ce06b5adc3c4a0ac79710d2529159b2666e | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-ksm-throttler-1.11.3-2.el7.src.rpm | 98c1ebd8b56a29bca0d3fbc7f186c50f13836b3046c5463d38bf6b59dda388f8 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-proxy-1.11.3-2.el7.src.rpm | ca54e5a71d8810b93c2a588724667451e046ec4fa705c82f453caf57dc364d7f | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-runtime-1.11.3-3.el7.src.rpm | 65c3f543f3c671008270659f3a13060c34e57504a11a735d91b59ac967d80980 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-shim-1.11.3-2.el7.src.rpm | 28824a83e885837165104fff75d2f09f79b9c9c24c2d82ffc66608fd9e6fc2df | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kernel-uek-container-5.4.17-2036.100.6.1.el7.src.rpm | e48c3a70ba019d6e8e501fd9448489bcf9d492cb03393ac19b5461cb5bcf4a74 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-container-5.4.17-2036.100.6.1.el7.src.rpm | e48c3a70ba019d6e8e501fd9448489bcf9d492cb03393ac19b5461cb5bcf4a74 | ELSA-2025-20190 | ol7_x86_64_olcne12 | |
| kubernetes-1.18.10-2.el7.src.rpm | 3f06682b33d53f8278b9de95068fb1775c3be2b53a6249146b6d4011b8ecc643 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kubernetes-cni-0.8.0-2.el7.src.rpm | d6dd7ecbbe8085bc8adcf447989d4096980f3343d93706eabb373eed8e7f596b | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kubernetes-cni-plugins-0.8.7-1.el7.src.rpm | c421280d262195bd98219c394b3701e51359ba1f07d08ae8c553476533913b8c | ELBA-2024-18618 | ol7_x86_64_olcne12 | |
| kubernetes-dashboard-2.0.3-1.el7.src.rpm | 0f58496e1175602ea32ddf350ba53dd81c6dd1650d3ac5f54452e3f1a4aa8789 | ELBA-2021-9240 | ol7_x86_64_olcne12 | |
| olcne-1.2.0-3.el7.src.rpm | 22b7433f39fb2c917cf9b22353a08793e30bb7b1d980da67dd3d567565511e7a | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-selinux-1.0.0-6.el7.src.rpm | 229be26b2cf25c4e014e3a14c61976829aa1f8880f2ea0d8e06e1e7ce3214ffc | ELBA-2023-12191 | ol7_x86_64_olcne12 | |
| olcne-selinux-1.0.0-6.el7.src.rpm | 229be26b2cf25c4e014e3a14c61976829aa1f8880f2ea0d8e06e1e7ce3214ffc | ELBA-2023-12191 | ol7_x86_64_olcne13 | |
| yq-3.4.0-1.el7.src.rpm | 88fbf5b239445e6a19a61b8d9c0313aaf5fc928ebe72e046b7946c8ebd15837a | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| conmon-2.0.20-3.el7.x86_64.rpm | 7718be32065633ee25ce95c44894863f44759473c991af5b449bf423a14a8394 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| conmon-2.0.21-3.el7.x86_64.rpm | 376e90208a32777376ad3b400a4eddd81d412d8c4d8ca39730080c8ecd9fb4fa | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_x86_64_developer | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_x86_64_olcne12 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_x86_64_olcne13 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_x86_64_olcne14 | |
| container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 460ba6911c15729ee0d6bb25656a8ec534a34f1ae2cf7efb9436e80d4662d7f2 | ELBA-2023-0115 | ol7_x86_64_olcne15 | |
| coredns-1.6.7-1.0.1.el7.x86_64.rpm | e333a0fdf01d5cb0b84295510a4ffb3261a00f056b13f3f4e007bc447aee1c25 | ELBA-2022-9349 | ol7_x86_64_olcne12 | |
| cri-o-1.18.3-4.el7.x86_64.rpm | e8e28074f871d65c16d54c7d8597f1fbf951efeef2dddf7874fb5cadb4d3edfa | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| cri-tools-1.18.0-1.el7.x86_64.rpm | 6b30086009768caa80d4236fc570b62737ac8b4e71db718da0921a2d738e8cbf | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| etcd-3.4.3-1.0.4.el7.x86_64.rpm | 35d04f04cc7566e0cb87470c528ef623b53007b5899ce41c4a97fbd4f674fd7a | ELBA-2024-12346 | ol7_x86_64_olcne12 | |
| flannel-0.10.0-2.1.12.el7.x86_64.rpm | d1a61c41db2130f161b70a48f171038c08fca2e68a2d96731d421a632d55e4e8 | ELSA-2021-9268 | ol7_x86_64_olcne | |
| flannel-0.10.0-2.1.12.el7.x86_64.rpm | d1a61c41db2130f161b70a48f171038c08fca2e68a2d96731d421a632d55e4e8 | ELSA-2021-9268 | ol7_x86_64_olcne11 | |
| flannel-0.10.0-2.1.12.el7.x86_64.rpm | d1a61c41db2130f161b70a48f171038c08fca2e68a2d96731d421a632d55e4e8 | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| flannel-0.11.0-4.el7.x86_64.rpm | 12f8c7510a8607179698f3477a20db06ca1409762045e0b0e84b791fd6a0281c | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| flannel-0.12.0-1.el7.x86_64.rpm | be907ae6913deab99bc1fabac38548ff7414059ac160b1264fea1477d5bde3c5 | ELSA-2021-9268 | ol7_x86_64_olcne12 | |
| grafana-6.7.4-1.0.4.el7.x86_64.rpm | c9ac2183413bdea5069c3625471bd88507dbf7df3d15116a2682d6fb454b5179 | - | ol7_x86_64_olcne12 | |
| helm-3.3.4-1.el7.x86_64.rpm | ca6131d545d6387fe446bb1c36b21582d6efab4db88f5533060f70b4864c52c9 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| istio-1.5.10-1.0.0.el7.x86_64.rpm | 9c51c5b55de7b24dd51a46250b7baf0640797f6a2723a38eb0bc60ae0c2fb2dc | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-1.6.12-1.0.0.el7.x86_64.rpm | 3d2add210abdb9b77ea907cc88ff9b5e97e15fe9db0cc6df63f8a0bd74ed6e49 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-1.7.3-1.0.0.el7.x86_64.rpm | 6c17edfbbaabad73ba05f1f0687eef7ca169d4545308bb36ce1d2aa82e154446 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-istioctl-1.5.10-1.0.0.el7.x86_64.rpm | 520d6837b03ae3156937ce925b75ee45c038d02c9d6e2146789ea18e68ebc1c2 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-istioctl-1.6.12-1.0.0.el7.x86_64.rpm | c4ea06aa8542ed7f932bb199e414c5515677030d242052964e7c97676510be0e | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| istio-istioctl-1.7.3-1.0.0.el7.x86_64.rpm | 7f6616bd32f1a7824a81dbcfa3aecf52c17d6b63b81fc30b320bbcc1c48beda1 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kata-1.11.3-4.el7.x86_64.rpm | dfa8f8322691c34790d8a053cb28d9a0afa70ea69748cb43d9591fc229a5633f | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-agent-1.11.3-3.el7.x86_64.rpm | c52a14da09e1913e46d6736b91543d5f21a8c31290b6359e670e8aafa75f0d56 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-image-1.11.3-3.3.ol7_202011040027.x86_64.rpm | a4b08e344b027d2369fc70a698aa1ed97c3c25fe50fae3f5c811340078ecc553 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-ksm-throttler-1.11.3-2.el7.x86_64.rpm | 5247e1393b953f2180e3b80b825c33e03b4f5f3a7c6e29e9a8a0ff42a32ceb94 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-proxy-1.11.3-2.el7.x86_64.rpm | 55b192f1237583bedc2f74bc25fdb172240ce653ceecd8ee37b8524210d61432 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-runtime-1.11.3-3.el7.x86_64.rpm | f7cabdd7f320cd1e56169293d4ef9236e0b417b405fcb2ec72f2267d73f23839 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kata-shim-1.11.3-2.el7.x86_64.rpm | f34a42db60313e394d5504af4e86265038a0dad4fa61833384dcc4725c3d5c52 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kernel-uek-container-5.4.17-2036.100.6.1.el7.x86_64.rpm | 86d0d5434988473aa94807151dea95d03fb515fd9e7a5a3bc5164a35630d2d06 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-container-5.4.17-2036.100.6.1.el7.x86_64.rpm | 86d0d5434988473aa94807151dea95d03fb515fd9e7a5a3bc5164a35630d2d06 | ELSA-2025-20190 | ol7_x86_64_olcne12 | |
| kubeadm-1.18.10-2.el7.x86_64.rpm | 4f586f9209583f5fe130646d2227feb44918781ff3cc7cac7e47264a7e5ffc5a | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kubectl-1.18.10-2.el7.x86_64.rpm | de51d6622d9e42840f3f093d0ed1688e1883f17dd91e6b02660d45d5bf26841b | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kubelet-1.18.10-2.el7.x86_64.rpm | bc42d4b7fd76527bbfaf9aee3de3fd70fc3c039640a26c2664d405e8f54086cf | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| kubernetes-cni-0.8.0-2.el7.x86_64.rpm | 8a55ae15b0b66d2d03c9476bce6873b13dcf1e5ecb90f01f2d2fc45a34480fae | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
| kubernetes-cni-plugins-0.8.7-1.el7.x86_64.rpm | bd167b6c1f13b8892bdbbd2a4fd5738a835a9e85df610207a108d8947d95b046 | ELBA-2024-18618 | ol7_x86_64_olcne12 | |
| kubernetes-dashboard-2.0.3-1.el7.x86_64.rpm | 5944b41b44c075ce3b37aba7312674be82e05951933a3b1a2cde0ad9f253fd87 | ELBA-2021-9240 | ol7_x86_64_olcne12 | |
| olcne-agent-1.2.0-3.el7.x86_64.rpm | 9ad4c73046664ca50707b02d4e50ec16f85d96fffb2e95c7a21d707eb72474e9 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-api-server-1.2.0-3.el7.x86_64.rpm | ce6edafb5b7b3bd4f79b23e2d13e3ac5ff3512250f17708d9f76462f4e513699 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-istio-chart-1.2.0-3.el7.x86_64.rpm | c333ebb50baa786418db08326b0a9715bfff95b2f482ffc6876fc8b40f2eea3e | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-nginx-1.2.0-3.el7.x86_64.rpm | 5c45b94fa33f52bcd8b81088f3f56b78a800f9db1ad0d843a1d8d0e899a46fe7 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-prometheus-chart-1.2.0-3.el7.x86_64.rpm | 69b546d3d49978071c290402f36e4870a183c29cbe946ec2a3e7546e6b1e31e9 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcne-selinux-1.0.0-6.el7.x86_64.rpm | 3f2c0a0885417994f182d6f6dcc0a938fe0e5d9f00c59b701c3aa40adc504d62 | ELBA-2023-12191 | ol7_x86_64_olcne12 | |
| olcne-selinux-1.0.0-6.el7.x86_64.rpm | 3f2c0a0885417994f182d6f6dcc0a938fe0e5d9f00c59b701c3aa40adc504d62 | ELBA-2023-12191 | ol7_x86_64_olcne13 | |
| olcne-utils-1.2.0-3.el7.x86_64.rpm | f8dc14b0a42197d707e9614f74f34d10995b3ef381a53ff600c23b28c55a9f29 | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| olcnectl-1.2.0-3.el7.x86_64.rpm | 3648769aa71463a5a7d29a0523184b4bf7f0dbc4671035dacff55522f1625dec | ELSA-2024-12329 | ol7_x86_64_olcne12 | |
| yq-3.4.0-1.el7.x86_64.rpm | 7211204ff4d08f5a3abd6bf8a9d2d54754cd59f54987296f072507c071b1f433 | ELSA-2024-12189 | ol7_x86_64_olcne12 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
