ELSA-2020-5766

ULN >
Oracle Linux Errata repository >
ELSA-2020-5766

ELSA-2020-5766 - Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2020-07-22

Description

kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]

[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]

[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}

[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]

[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]

kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023

kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026

kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026

kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026

olcne
[1.0.5-3]
- update registry image mirroring script

[1.0.5-2]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- Update bootstrap scripts

[1.0.5-1]
- Update Kata Containers to address CVEs 2020-2023 thru 2020-2026

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kata-1.7.3-1.0.7.el7.src.rpm	5b7ef2d5cd380e6f1693ca741c977541cca02fcfed4c2646284d366a889a2dbd	ELSA-2024-12189	ol7_x86_64_olcne
	kata-1.7.3-1.0.7.el7.src.rpm	5b7ef2d5cd380e6f1693ca741c977541cca02fcfed4c2646284d366a889a2dbd	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm	7a23aa6a29124f298e598a11024ffb2e247fea959c57b42ecfd863857dff5aaa	ELSA-2024-12189	ol7_x86_64_olcne
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm	7a23aa6a29124f298e598a11024ffb2e247fea959c57b42ecfd863857dff5aaa	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-runtime-1.7.3-1.0.5.el7.src.rpm	071b665b1e0c0d5e942860d10da09d821132f7b84e6ed6b3517876a9279239d8	ELSA-2024-12189	ol7_x86_64_olcne
	kata-runtime-1.7.3-1.0.5.el7.src.rpm	071b665b1e0c0d5e942860d10da09d821132f7b84e6ed6b3517876a9279239d8	ELSA-2024-12189	ol7_x86_64_olcne11
	kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm	bf59da84fd2b53ddcde06efee9502e7be01e9e052d0f620ce4955c85713924c0	ELSA-2025-20190	ol7_x86_64_olcne
	kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm	bf59da84fd2b53ddcde06efee9502e7be01e9e052d0f620ce4955c85713924c0	ELSA-2025-20190	ol7_x86_64_olcne11
	kubernetes-1.14.9-1.0.6.el7.src.rpm	9934654d25a08a71cda5736b0d71a7bc963f520184b9ca09485c0be8bca8a8ca	ELSA-2024-12329	ol7_x86_64_olcne
	kubernetes-1.14.9-1.0.6.el7.src.rpm	9934654d25a08a71cda5736b0d71a7bc963f520184b9ca09485c0be8bca8a8ca	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-1.0.5-3.el7.src.rpm	f3a25986e16cbc039c95f4aca7beb13896175c4eb33721b6429e16c948a6567a	ELSA-2024-12329	ol7_x86_64_olcne
	kata-1.7.3-1.0.7.el7.x86_64.rpm	c85a9e6f905e3d61a2cf7cbddac04c6389eae54614b2b23cf8486f97df9ec5da	ELSA-2024-12189	ol7_x86_64_olcne
	kata-1.7.3-1.0.7.el7.x86_64.rpm	c85a9e6f905e3d61a2cf7cbddac04c6389eae54614b2b23cf8486f97df9ec5da	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpm	e09daef77514d54f5eb0963ba998e8f5e8cd0c46439dda736a05a8256d2832f9	ELSA-2024-12189	ol7_x86_64_olcne
	kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpm	e09daef77514d54f5eb0963ba998e8f5e8cd0c46439dda736a05a8256d2832f9	ELSA-2024-12189	ol7_x86_64_olcne11
	kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm	08ea2f540a61c98f44b550dc9d294072f2a34f6deba35e2a259e301d3322e6d3	ELSA-2024-12189	ol7_x86_64_olcne
	kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm	08ea2f540a61c98f44b550dc9d294072f2a34f6deba35e2a259e301d3322e6d3	ELSA-2024-12189	ol7_x86_64_olcne11
	kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpm	e1b51d8d92368f46260959f1bb37121be35346ca8ec4ca94d458b5197de1057f	ELSA-2025-20190	ol7_x86_64_olcne
	kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpm	e1b51d8d92368f46260959f1bb37121be35346ca8ec4ca94d458b5197de1057f	ELSA-2025-20190	ol7_x86_64_olcne11
	kubeadm-1.14.9-1.0.6.el7.x86_64.rpm	1abd9e5667f0dd2ed14d7b5db03c3e286829614534c93614aa1c2ec5e5c4d106	ELSA-2024-12329	ol7_x86_64_olcne
	kubeadm-1.14.9-1.0.6.el7.x86_64.rpm	1abd9e5667f0dd2ed14d7b5db03c3e286829614534c93614aa1c2ec5e5c4d106	ELSA-2024-12329	ol7_x86_64_olcne11
	kubectl-1.14.9-1.0.6.el7.x86_64.rpm	97cffc45fbf5cc2ba5dd8f8afe69d7b86b0e3570090e041567281bd3e15ae1a7	ELSA-2024-12329	ol7_x86_64_olcne
	kubectl-1.14.9-1.0.6.el7.x86_64.rpm	97cffc45fbf5cc2ba5dd8f8afe69d7b86b0e3570090e041567281bd3e15ae1a7	ELSA-2024-12329	ol7_x86_64_olcne11
	kubelet-1.14.9-1.0.6.el7.x86_64.rpm	44d5c18ed7ea313f8b33b0177746cbbbc5ce9753fb4ff7fb315a9abc1b5c6c2f	ELSA-2024-12329	ol7_x86_64_olcne
	kubelet-1.14.9-1.0.6.el7.x86_64.rpm	44d5c18ed7ea313f8b33b0177746cbbbc5ce9753fb4ff7fb315a9abc1b5c6c2f	ELSA-2024-12329	ol7_x86_64_olcne11
	olcne-agent-1.0.5-3.el7.x86_64.rpm	97eb771bf0abb1db5401dfdba5702b6acf895dec31f2aef0626d8c3e33826700	ELSA-2024-12329	ol7_x86_64_olcne
	olcne-api-server-1.0.5-3.el7.x86_64.rpm	48be5c5194f6c5bf2dffa685e70201af915ad7ed9bdea3cac1972d79941520e2	ELSA-2024-12329	ol7_x86_64_olcne
	olcne-nginx-1.0.5-3.el7.x86_64.rpm	fa601a56e55902bc750aa7a86faeadf34ec837c480292727ead3576f7ceb267a	ELSA-2024-12329	ol7_x86_64_olcne
	olcne-utils-1.0.5-3.el7.x86_64.rpm	453cbb9b6b8f3e9612f869cd26b7e8c428de1db61ad042a49becdaf049cbc581	ELSA-2024-12329	ol7_x86_64_olcne
	olcnectl-1.0.5-3.el7.x86_64.rpm	dedb03edad72696bec6296a99788294939fa547be698df2d76fa4b6017be2ed2	ELSA-2024-12329	ol7_x86_64_olcne

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691