ELSA-2020-5765

ULN >
Oracle Linux Errata repository >
ELSA-2020-5765

ELSA-2020-5765 - Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2020-07-22

Description

kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]

[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]

[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}

[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]

[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]

kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023

kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026

kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026

kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026

kubernetes
[1.17.9-1.0.1.el7]
- Added Oracle specific build files for Kubernetes

istio
[1.4.10-1.0.1]
- CVE-2020-15104:
Incorrect validation of wildcard DNS Subject Alternative Names

[1.4.10-1.0.0]
- Added Oracle Specific Build Files for istio/istio

olcne
[1.1.2-6]
- Include kata-runtime in the default template

[1.1.2-5]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

[1.1.2-4]
- Update arguments added for istio module.

[1.1.2-3]
- Ensure Istio sidecar injector uses valid executable

[1.1.2-2]
- Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026

[1.1.2-1]
- Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	istio-1.4.10-1.0.1.el7.src.rpm	b56ab346c8c5673195440423e6319263577eb7122de6b23e102b437856e773d5	ELSA-2024-12329	ol7_x86_64_olcne11
	kata-1.7.3-1.0.7.el7.src.rpm	5b7ef2d5cd380e6f1693ca741c977541cca02fcfed4c2646284d366a889a2dbd	ELSA-2024-12189	ol7_x86_64_olcne
	kata-1.7.3-1.0.7.el7.src.rpm	5b7ef2d5cd380e6f1693ca741c977541cca02fcfed4c2646284d366a889a2dbd	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm	7a23aa6a29124f298e598a11024ffb2e247fea959c57b42ecfd863857dff5aaa	ELSA-2024-12189	ol7_x86_64_olcne
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm	7a23aa6a29124f298e598a11024ffb2e247fea959c57b42ecfd863857dff5aaa	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-runtime-1.7.3-1.0.5.el7.src.rpm	071b665b1e0c0d5e942860d10da09d821132f7b84e6ed6b3517876a9279239d8	ELSA-2024-12189	ol7_x86_64_olcne
	kata-runtime-1.7.3-1.0.5.el7.src.rpm	071b665b1e0c0d5e942860d10da09d821132f7b84e6ed6b3517876a9279239d8	ELSA-2024-12189	ol7_x86_64_olcne11
	kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm	bf59da84fd2b53ddcde06efee9502e7be01e9e052d0f620ce4955c85713924c0	ELSA-2025-20190	ol7_x86_64_olcne
	kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm	bf59da84fd2b53ddcde06efee9502e7be01e9e052d0f620ce4955c85713924c0	ELSA-2025-20190	ol7_x86_64_olcne11
	kubernetes-1.14.9-1.0.6.el7.src.rpm	9934654d25a08a71cda5736b0d71a7bc963f520184b9ca09485c0be8bca8a8ca	ELSA-2024-12329	ol7_x86_64_olcne
	kubernetes-1.14.9-1.0.6.el7.src.rpm	9934654d25a08a71cda5736b0d71a7bc963f520184b9ca09485c0be8bca8a8ca	ELSA-2024-12329	ol7_x86_64_olcne11
	kubernetes-1.17.9-1.0.1.el7.src.rpm	c5ea0e0ca1fbbb480438236f636a5e6c36ce5e6a435a10d9fc2331326e5ded91	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-1.1.2-6.el7.src.rpm	140949cb724e65b3b3ad1e68e1155336fa7c1b8b1e8f8aa33d27a0097ca8d51b	ELSA-2024-12329	ol7_x86_64_olcne11
	istio-1.4.10-1.0.1.el7.x86_64.rpm	dc3b77cd432da165823fda11521f1f3085a97d51247664025c1acc5900d217aa	ELSA-2024-12329	ol7_x86_64_olcne11
	istio-citadel-1.4.10-1.0.1.el7.x86_64.rpm	167949b58b776cffffee331b89cf57b6b4d2fc988ba600876022f730047e7433	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-galley-1.4.10-1.0.1.el7.x86_64.rpm	e41cfcb667b1483b056a962a78b19838e0f7955f93a58775a704f40c8f86cafe	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-istioctl-1.4.10-1.0.1.el7.x86_64.rpm	71b0f1218947d8d35980d8814c652b058fc5d8513e4bcb32a8d844ac6db40408	ELSA-2024-12329	ol7_x86_64_olcne11
	istio-mixc-1.4.10-1.0.1.el7.x86_64.rpm	c58303b06d1648740e05ef9e0a42738cafd431b37d9d483f0c154d17049ffcfb	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-mixs-1.4.10-1.0.1.el7.x86_64.rpm	98bc9b4ab050e1c2b6a111c06efdb707491cfa30b99a97bc66e27fefbc916f3d	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-node-agent-1.4.10-1.0.1.el7.x86_64.rpm	0606de374b15720982250070f4a3a5537ce3e63d01ea59928fe44542bf1a5829	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-pilot-agent-1.4.10-1.0.1.el7.x86_64.rpm	3b74492dd2af9b2e0f8b1808d6b0ff3a6c10b65d819a2d1133decd042e06cb9a	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-pilot-discovery-1.4.10-1.0.1.el7.x86_64.rpm	91e2a602add6c8cb1fb3e2456fd6fce6a39a4fa5395d925756770da080ff04c2	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-proxy-init-1.4.10-1.0.1.el7.x86_64.rpm	c200b7207f17a27abf7784e9c4e1870a9a2e7aaadf4d02b1860d09d59fe5b4f9	ELSA-2020-5827	ol7_x86_64_olcne11
	istio-sidecar-injector-1.4.10-1.0.1.el7.x86_64.rpm	fea8be6c576f41f8f53f7e842bf4aba04e74ea9452ba89040e0d1f03987f8631	ELSA-2020-5827	ol7_x86_64_olcne11
	kata-1.7.3-1.0.7.el7.x86_64.rpm	c85a9e6f905e3d61a2cf7cbddac04c6389eae54614b2b23cf8486f97df9ec5da	ELSA-2024-12189	ol7_x86_64_olcne
	kata-1.7.3-1.0.7.el7.x86_64.rpm	c85a9e6f905e3d61a2cf7cbddac04c6389eae54614b2b23cf8486f97df9ec5da	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpm	e09daef77514d54f5eb0963ba998e8f5e8cd0c46439dda736a05a8256d2832f9	ELSA-2024-12189	ol7_x86_64_olcne
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpm	e09daef77514d54f5eb0963ba998e8f5e8cd0c46439dda736a05a8256d2832f9	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm	08ea2f540a61c98f44b550dc9d294072f2a34f6deba35e2a259e301d3322e6d3	ELSA-2024-12189	ol7_x86_64_olcne
	kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm	08ea2f540a61c98f44b550dc9d294072f2a34f6deba35e2a259e301d3322e6d3	ELSA-2024-12189	ol7_x86_64_olcne11
	kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpm	e1b51d8d92368f46260959f1bb37121be35346ca8ec4ca94d458b5197de1057f	ELSA-2025-20190	ol7_x86_64_olcne
	kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpm	e1b51d8d92368f46260959f1bb37121be35346ca8ec4ca94d458b5197de1057f	ELSA-2025-20190	ol7_x86_64_olcne11
	kubeadm-1.14.9-1.0.6.el7.x86_64.rpm	1abd9e5667f0dd2ed14d7b5db03c3e286829614534c93614aa1c2ec5e5c4d106	ELSA-2024-12329	ol7_x86_64_olcne
	kubeadm-1.14.9-1.0.6.el7.x86_64.rpm	1abd9e5667f0dd2ed14d7b5db03c3e286829614534c93614aa1c2ec5e5c4d106	ELSA-2024-12329	ol7_x86_64_olcne11
	kubeadm-1.17.9-1.0.1.el7.x86_64.rpm	cc60999423c5c4ed69aac729db20e6b038d6975aa5bcfe45885e23b9265bead7	ELSA-2024-12329	ol7_x86_64_olcne11
	kubectl-1.14.9-1.0.6.el7.x86_64.rpm	97cffc45fbf5cc2ba5dd8f8afe69d7b86b0e3570090e041567281bd3e15ae1a7	ELSA-2024-12329	ol7_x86_64_olcne
	kubectl-1.14.9-1.0.6.el7.x86_64.rpm	97cffc45fbf5cc2ba5dd8f8afe69d7b86b0e3570090e041567281bd3e15ae1a7	ELSA-2024-12329	ol7_x86_64_olcne11
	kubectl-1.17.9-1.0.1.el7.x86_64.rpm	5cc2e6236a0d60171ddc79e9b84ad5b50a286009ff32fe3f62040c717a99b52b	ELSA-2024-12329	ol7_x86_64_olcne11
	kubelet-1.14.9-1.0.6.el7.x86_64.rpm	44d5c18ed7ea313f8b33b0177746cbbbc5ce9753fb4ff7fb315a9abc1b5c6c2f	ELSA-2024-12329	ol7_x86_64_olcne
	kubelet-1.14.9-1.0.6.el7.x86_64.rpm	44d5c18ed7ea313f8b33b0177746cbbbc5ce9753fb4ff7fb315a9abc1b5c6c2f	ELSA-2024-12329	ol7_x86_64_olcne11
	kubelet-1.17.9-1.0.1.el7.x86_64.rpm	ef92f4ec9b0004fa63ec4a6ad60133efe00538f7c54295ffe1f5bc2da8d09a6d	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-agent-1.1.2-6.el7.x86_64.rpm	8954f1944b376c0554db1af49ea2e448b8fbef9e4052ed4884ef7f1bf2fa8b6e	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-api-server-1.1.2-6.el7.x86_64.rpm	9daa668849ef284262273348df25da7644601d7b91c396c27c3e0d09343e8d2d	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-istio-chart-1.1.2-6.el7.x86_64.rpm	4355104d7c468d39e5cb6870ccb9fd225e6b019b4c490a99e4c94a1c7d278611	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-nginx-1.1.2-6.el7.x86_64.rpm	a8afbd03c217a2ae84319f21765c3b7bf357b42585d9aa1c9a5e03704ff2ba29	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-prometheus-chart-1.1.2-6.el7.x86_64.rpm	054bf273c440813de690a645d532c1ac898e1097f80da5e4fc2791f0b9e22e19	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-utils-1.1.2-6.el7.x86_64.rpm	9eeb644e7a412a2c5c6841b512e9c59d0246eee47c7a065fbeb44f35e9d0a69b	ELSA-2024-12329	ol7_x86_64_olcne11
	olcnectl-1.1.2-6.el7.x86_64.rpm	5f8851fde2351fe7555c9b0984ff32a3b458dbbe6f12ab49d12a2824afa6ec23	ELSA-2024-12329	ol7_x86_64_olcne11

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691