ELSA-2022-10034

ELSA-2022-10034 - kubernetes security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-11-29

Description


kubernetes
[1.21.14-3]
- Addresses CVE-2022-3294 & CVE-2022-3162

[1.21.14-2]
- Fixed kubernetes-cni version.

[1.21.14-1]
- Addresses CVE-2022-3172

olcne
[1.4.9-2]
- Fix 1.21 kubernetes version to align with last upstream release

[1.4.9-1]
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21

[1.4.8-3]
- Unpinned podman for OL7

[1.4.8-2]
- Updated Kubernetes package release version to 1.21.6-2

[1.4.8-1]
- Upgraded kubernetes-1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21

[1.4.7-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045

[1.4.6-2]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
- Update gen-certs-helper script to skip printing olcne_transfer_script execution
- Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname

[1.4.6-1]
- Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227

[1.4.5-1]
- Address qemu CVE-2022-26353, CVE-2021-3748

[1.4.4-1]
- Excluded unnecessary directories from k8s backup files

[1.4.3-1]
- Update Istio to 1.13.2

[1.4.2-1]
- Added 1.4 extra images to registry-image-helper.sh script

[1.4.1-4]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file
- Ensure that old olcnectl config files are upgraded

[1.4.1-3]
- Fixed a bug where specifying a port in the container-registry argument
to the Kubernetes module would result in pods not being able to start.

[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode

[1.4.1-1]
- Fix bug in initialising certs manager when environment name not mentioned

[1.4.0-3]
- Fix bug in fetching report for multi-environment

[1.4.0-2]
- Pause image is 3.4.1

[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature

[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image

[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007

[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.3.0-10]
- Fixed missing double semicolon in registry image helper

[1.3.0-9]


Related CVEs


CVE-2022-3162
CVE-2022-3294

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (x86_64) kubernetes-1.21.14-3.el8.src.rpm7586c849c035b3732409878e85fe1ddb-
olcne-1.4.9-2.el8.src.rpm6aad4c6d8e5ee00114a12403c5db5ec7-
kubeadm-1.21.14-3.el8.x86_64.rpm5c3e69466821daa509b26f19eaa7ffa0-
kubectl-1.21.14-3.el8.x86_64.rpmd0f09b47714ee05e0aac2ad8430142b6-
kubelet-1.21.14-3.el8.x86_64.rpm9376c0ab20c685e91652e74a2f695c43-
olcne-agent-1.4.9-2.el8.x86_64.rpm610797049aff507e6796c54efb032a0b-
olcne-api-server-1.4.9-2.el8.x86_64.rpm7b2ce2d9434a04649b6ac87aa10d471a-
olcne-gluster-chart-1.4.9-2.el8.x86_64.rpm6bf9b7851eb611182dcdd3203f689e4e-
olcne-grafana-chart-1.4.9-2.el8.x86_64.rpm65bc034302a7b8af86ead25814a385c5-
olcne-istio-chart-1.4.9-2.el8.x86_64.rpmaf95ab7d458c4262e3f91ca456055179-
olcne-nginx-1.4.9-2.el8.x86_64.rpma9b74ec15f400eba2a9a60191e06885e-
olcne-oci-csi-chart-1.4.9-2.el8.x86_64.rpma9050b549627faa8862a1482e1af1695-
olcne-olm-chart-1.4.9-2.el8.x86_64.rpme5a048693051f81bc71566d6e530daf3-
olcne-prometheus-chart-1.4.9-2.el8.x86_64.rpm0bbb142f2bd86370bfa1e5e3adfc7c76-
olcne-utils-1.4.9-2.el8.x86_64.rpm8fe422c645f53991021dbdb10147e061-
olcnectl-1.4.9-2.el8.x86_64.rpma2264c49fd5bda245cf9a691bca70e8b-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete