ELBA-2024-12356
- ULN >
- Oracle Linux Errata repository >
- ELBA-2024-12356
ELBA-2024-12356 - olcne 1.8 bug fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2024-05-13 |
Description
cri-o
[1.27.2-3]
- Address CVE-2024-24786
[1.27.2-2]
- Address CVE-2023-39326, update golang version to 1.20.12
[1.27.2-1]
- Added Oracle Specifile Files for cri-o
cri-o
[1.28.4-1]
- Address protobuf [CVE-2024-24786]
- Added Oracle Specifile Files for cri-o
cri-tools
[1.27.1-3]
- Address CVE-2024-24786
[1.27.1-2]
- Address CVE-2023-39326, update golang version to 1.20.12
[1.27.1-1]
- Added Oracle Specific Build Files for cri-tools
cri-tools
[1.28.0-3]
- Address CVE-2024-24786
[1.28.0-2]
- Address CVE-2023-39326, update golang version to 1.20.12
[1.28.0-1]
- Added Oracle Specific Build Files for cri-tools
etcd
[3.5.10-3]
- Address protobuf [CVE-2024-24786]
[3.5.10-1]
- Added Oracle specific build files
istio
[1.18.7-1]
- Address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
istio
[1.19.9-1]
- Added Oracle specific files for 1.19.9-1
- Updated protobuf to address [CVE-2024-24786]
kata-containers
[3.2.0-3]
- Obsoletes previous kata-agent
[3.2.0-2]
- Added missing third party license and security markdown
[3.2.0-1]
- Added Oracle Specific Build Files for kata-containers
kubernetes
[1.27.12-1]
- Added Oracle specific build files for Kubernetes
kubernetes
[1.28.8-1]
- Added Oracle specific build files for Kubernetes
olcne
[1.8.2-3]
- Uptake Istio-1.18.7 and Istio-1.19.9
- Update Kubernetes-1.27.12 and Kubernetes-1.28.8
- Integrate Kata containers 3.2.0
- Update Module-Operator v1.8.2 and OCI-CCM 1.27.2
[1.8.1-2]
- Clean up spec file
[1.8.1-1]
- Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing
- Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator
- Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture
- Fixed unable to deploy new module(s) using config file containing already existing modules
- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command
- Update modules and components built with golang 1.20.12 to address CVE-2023-39326
- add conmon resource to kubernetes module
- Fix OLM upgrade failure - same version upgrade failure
- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace
- Fix multiple install during provision
[1.8.0-2]
- Update kubernetes 1.27 and 1.28 to use helm:3.12.0-4
[1.8.0-1]
- Uptake Istio-1.18.6 and Istio-1.19.5
- calico 3.25.1
- Update Prometheus and Grafana images
- Update k8s 1.27, 1.28 and externalip-webhook
- Update conmon to 2.1.3-8
- OLM 0.23.1 and rook 1.12.3
- kubernetes-dashboard:v2.7.0-2
- multus 4.0.2
[1.8.0-1]
- Fix upgrade k8s upgrade issue for version less than 1.27
- Fix upgrade issue from 1.6.x -> 1.7.5
- Update module-operator to 1.8.0 to uptake OCI-CCM-1.27.0
- Fix registry-image-helper.sh to support multi-architecture images using image digest
- Default to k8s 1.28.3
- Update rook to 1.12.3 and add aarch64 build support
- Update metallb 0.13.10 to address CVE-2023-44487 and CVE-2023-39325
- Update Kubernetes to 1.27 and 1.28
- Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325
- Update multus-cni 4.0.1 to address CVE-2023-44487 and CVE-2023-39325
- Update calico-3.25.0 and 3.25.1 to address CVE-2023-44487, CVE-2023-39325
- Update rook-1.10.9 to address golang CVE-2023-44487, CVE-2023-39325
- Update helm 3.11.1 to address CVE-2023-44487 and CVE-2023-39325
- Add Istio-1.17.8, Istio-1.18.5, and Istio-1.19.3 to address CVE's
- Update Istio-1.16.7, Grafana-7.5.15, Prometheus-2.31.1, and Kubernetes-dashboard:v2.7.0-1 to address CVE's
- Update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325
- Update rook-1.11.6 to address golang CVE-2023-44487, CVE-2023-39325
- Update kubernets 1.25.15 and 1.26.10 to address CVE-2023-44487 and CVE-2023-39325
- update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325
- Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325
- Update helm 3.12.0 to Address CVE-2023-44487 and CVE-2023-39325
- Update kubernetes-dashboard to v2.7.0
- Add olm 0.23.1 charts
- Update the default kubevirt module version to 0.59.0
- Add ability to stream logs from the OCNE API Server to olcnectl
- Install rook via module operator
- hostnames case insensitve comparison
- Improve registry-image-helper.sh to support multi-arch images
- Remove ol9_developer_UEKR7 repo reference from constants.go
- Install kubevirt via module operator
- Mofify kubevirt image tag to use virt-operator tag instead of kubevirt-version
- Update kubevirt image versions fixing selinux=enforce not being supported
- Add Istio-1.17.5 and Istio-1.16.7 to address CVE's
- Add support for aarch64 architecture
- Update kubernetes version to 1.26.6-2 which contains aarch64 support
- Install metallb module 0.13.10 via module operator
- Add multus 4.0.2 via module operator
- Remove worker-nodes enforcement from olcnectl provision
[1.7.0-1]
- Add extra-images to module config file
- Upgrade issues when calico is the default network
- Update Kubernetes module updatepath to accomodate 1.24.15 & 1.25.11
- Removed the metallb prefix from 0.13.9 container image names
- Upgrade with GlusterFS installed succeeds
- Add forward-policies.service to OL9 agent
- Update istio-istioctl version for istio-1.17.2
- Install virtctl on api-server
- Add support for Oracle Linux 9
- Add rook and kubevirt to packages
- Upgraded Kubernetes module to Kubernetes-1.26.6
- Update Calico to 3.25.1
- Add all modules to registry-image-helper
- Update yq >=4.1
- Update Multus to version 4.0.1
- Install module-operator into kubernetes cluster
- Migrate oci-ccm to install as operator managed by module-operator
- Update rook to 1.11.6
- Upgraded Kubernetes module to Kubernetes-1.26.5
- Update Istio to 1.17.2
- Address an issue with the Rook module where Ceph clusters could not start
due to insufficient privilege on nodes where selinux=enforcing.
- Add olcne-ol8-post-leapp-upgrade script
This is a post leapp upgrade requirement; it is called from leapp.
- Upgrade Metallb module from 0.12.1 to version 0.13.9
- Support configuration using resource, configmap or data section of a configmap
[1.6.0-14]
- Update Istio version to 1.16.4 to address CVE's
- CVE-2023-27496
- CVE-2023-27488
- CVE-2023-27493
- CVE-2023-27492
- CVE-2023-27491
- CVE-2023-27487
[1.6.0-13]
- Update Istio version to 1.15.7 to address CVE's
- CVE-2023-27496
- CVE-2023-27488
- CVE-2023-27493
- CVE-2023-27492
- CVE-2023-27491
- CVE-2023-27487
[1.6.0-12]
- Update Metallb to version 0.13.9
[1.6.0-11]
- Bug fix - Append a slash in oci-instance-metada url
[1.6.0-9]
- Multus fix
[1.6.0-8]
- Update kubelet for upstream runc misc cgroups patch
[1.6.0-7]
- Updated qemu-kvm from module stream virt:kvm_utils to virt:kvm_utils2
[1.6.0-6]
- Fixed helm installation in OLCNE upgrade
[1.6.0-4]
- Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25
- Fixed an issue where creating an instance of the Istio module without Helm already installed would fail
[1.6.0-3]
- Move template to olcne-api-server and provide default calico config
[1.6.0-2]
- Update KubeVirt version to 0.58.0
[1.6.0-1]
- Update Kubernetes version to 1.25.7
- Update Helm version to 3.11.1
- Update Istio version to 1.16.2
- Add Calico CNI 3.25
- Add Multus CNI 3.9.3
- Technical preview for KubeVirt 0.52.0
- Technical preview for Rook 1.10.9
- Add subcommand to olcnectl that lists version information for modules
- Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes
- olcnectl provision can now update existing module instances
- Deprecate Helm module in favor of automatically installing Helm with Kubernetes
- Deprecate --master-nodes argument to the Kubernetes module
- Deprecate Kata container runtime
- Deprecate Flannel CNI
- Deprecate GlusterFS CSI Driver
[1.5.11-1]
- Expose metrics endpoints for kube-system services
- Support installation with or without firewalld running
- Open port 9100 on nodes when installing Kubernetes module
- Make disable swap persist after reboot of control plane node
[1.5.10-2]
- Update istio to 1.15.3 to address Istio CVE-2022-392787
[1.5.9-1]
- Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly
[1.5.8-4]
- Fix 1.21 kubernetes version to align with last upstream release
[1.5.8-3]
- Increase timeout value for update module
[1.5.8-2]
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21
[1.5.8-1]
- Improve error reporting and logging when using olcnectl provision
- Environment creation is now idempotent
[1.5.7-6]
- Unpinned podman for OL7
[1.5.7-5]
- Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5
[1.5.7-4]
- Upgraded helm-3.7.1 to 3.9.4
[1.5.7-3]
- Resolved kubernetes-1.22.14 upgrade issue
[1.5.7-1]
- Upgrade Kubernetes to 1.24.5
- Upgrade Istio to 1.14.3
- Update OCI-CCM to 1.24.0 for kubernetes 1.24
- Update kubernetes-dashboard to v2.5.1
- Added support for custom profiles to the Istio module
- Added support for multiple instances of the Istio module with independent profiles
- Implemented automation within olcnectl for provisioning of Platform components
and modules for existing compute resources
[1.5.6-1]
- Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
- Resolve Kubernetes CVE-2022-3172 for version 1.22
- Resolve Kubernetes CVE-2022-3172 for version 1.23
[1.5.5-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045
[1.5.4-3]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
[1.5.4-2]
- Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227
[1.5.4-1]
- Upgrade Kubernetes to 1.23.7
[1.5.3-1]
- Address qemu CVE-2022-26353, CVE-2021-3748
[1.5.2-1]
- Excluded unnecessary directories from k8s backup files
[1.5.1-1]
- Fixed the bug in fetching node metadata for non-cloud nodes
virtiofsd
[1.8.0-3]
- Added Oracle-specific build files.
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
