ELSA-2020-5766

ELSA-2020-5766 - Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-07-22

Description


kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]

[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]

[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}

[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]

[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]

kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023

kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026

kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026


kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026

olcne
[1.0.5-3]
- update registry image mirroring script

[1.0.5-2]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- Update bootstrap scripts

[1.0.5-1]
- Update Kata Containers to address CVEs 2020-2023 thru 2020-2026


Related CVEs


CVE-2020-8557
CVE-2020-2024
CVE-2020-2026
CVE-2020-2025
CVE-2020-8559

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kata-1.7.3-1.0.7.el7.src.rpmf2f27d48aff324e7fdc9682e66440e71ELSA-2020-5828
kata-image-1.7.3-1.0.5.1.ol7_202007011859.src.rpm19826a00ecf8ed689b59bb4e2f47a4fbELSA-2020-5828
kata-runtime-1.7.3-1.0.5.el7.src.rpm045284a6cc848ff586989da9b8df522dELSA-2020-5828
kernel-uek-container-4.14.35-1902.303.5.3.el7.src.rpm29588eb84034a93fd5d2bd240bd0faa4ELBA-2020-5886
kubernetes-1.14.9-1.0.6.el7.src.rpm0bc81a8d2123e9dda393594126a0d417ELSA-2020-5827
olcne-1.0.5-3.el7.src.rpmc9454a3662c4fa6a4f488537fbd6ed68ELBA-2020-5898
kata-1.7.3-1.0.7.el7.x86_64.rpm8d2e9d89840d199d8b7ecb8743b15263ELSA-2020-5828
kata-image-1.7.3-1.0.5.1.ol7_202007011859.x86_64.rpmdf1a5e7c5fee5c4ded6c16f9c34a747cELSA-2020-5828
kata-runtime-1.7.3-1.0.5.el7.x86_64.rpm288acb968acbabe0eaac365f696dea99ELSA-2020-5828
kernel-uek-container-4.14.35-1902.303.5.3.el7.x86_64.rpmb4e840fe443d1fd491ddf0ad3a6e4837ELBA-2020-5886
kubeadm-1.14.9-1.0.6.el7.x86_64.rpm878d9174f6ee8242832941dde939b3f4ELSA-2020-5827
kubectl-1.14.9-1.0.6.el7.x86_64.rpm870016e37fdd5580e811c63345bcfd08ELSA-2020-5827
kubelet-1.14.9-1.0.6.el7.x86_64.rpm74fdc5a1cd41fee47003c25c494956bdELSA-2020-5827
olcne-agent-1.0.5-3.el7.x86_64.rpm8cffc0bf1992b32fcd4820ab0b38cd94ELBA-2020-5898
olcne-api-server-1.0.5-3.el7.x86_64.rpma564acee8df0e8e220ad8fb7e6ada9b1ELBA-2020-5898
olcne-nginx-1.0.5-3.el7.x86_64.rpmccfb9b8382f04469b592f2a67c7da552ELBA-2020-5898
olcne-utils-1.0.5-3.el7.x86_64.rpmba8c50658e129e386952032756c0ae52ELBA-2020-5898
olcnectl-1.0.5-3.el7.x86_64.rpmf55e44f0714d3983ea4127572bacb77cELBA-2020-5898



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete