ELSA-2022-10035

ELSA-2022-10035 - kubernetes security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2022-11-29

Description


kubernetes
[1.22.16-1]
- Added Oracle specific build files for Kubernetes
- Add preBuildOL8Commands to Jenkinsfile

kubernetes
[1.23.14-1]
- Added Oracle specific build files for Kubernetes

kubernetes
[1.24.8-1]
- Added Oracle specific build files for Kubernetes

olcne
[1.5.8-4]
- Fix 1.21 kubernetes version to align with last upstream release

[1.5.8-3]
- Increase timeout value for update module

[1.5.8-2]
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21

[1.5.8-1]
- Improve error reporting and logging when using olcnectl provision
- Environment creation is now idempotent

[1.5.7-6]
- Unpinned podman for OL7

[1.5.7-5]
- Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5

[1.5.7-4]
- Upgraded helm-3.7.1 to 3.9.4

[1.5.7-3]
- Resolved kubernetes-1.22.14 upgrade issue

[1.5.7-2]
- Improve command and flag descriptions in olcnectl
- Automatically provision key material for the ExternalIP Webhook during olcnectl provision
- Ensure that olcnectl provision respects the desired SELinux configuration

[1.5.7-1]
- Upgrade Kubernetes to 1.24.5
- Upgrade Istio to 1.14.3
- Update OCI-CCM to 1.24.0 for kubernetes 1.24
- Update kubernetes-dashboard to v2.5.1
- Added support for custom profiles to the Istio module
- Added support for multiple instances of the Istio module with independent profiles
- Implemented automation within olcnectl for provisioning of Platform components
and modules for existing compute resources

[1.5.6-1]
- Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
- Resolve Kubernetes CVE-2022-3172 for version 1.22
- Resolve Kubernetes CVE-2022-3172 for version 1.23

[1.5.5-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045

[1.5.4-3]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over

[1.5.4-2]
- Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227

[1.5.4-1]
- Upgrade Kubernetes to 1.23.7

[1.5.3-1]
- Address qemu CVE-2022-26353, CVE-2021-3748

[1.5.2-1]
- Excluded unnecessary directories from k8s backup files

[1.5.1-1]
- Fixed the bug in fetching node metadata for non-cloud nodes

[1.5.0-2]
- Upgrade Helm to 3.7.1-2

[1.5.0-2]
- fix null pointer exception in systemd service state validation

[1.5.0-1]
- Introduce support for compact Kubernetes clusters
- Introduce MetalLB
- Introduce Oracle Cloud Infrastructure Cloud Controller Manager
- Improved log messages in Platform API Server and Platform Agent
- Upgrade Kubernetes to 1.22.8
- Upgrade Istio to 1.13.2
- Renamed the oci-csi module to oci-ccm

[1.5.0-20.alpha]
- Update istio-1.13.2 grafana to 7.5.15

[1.5.0-14.alpha]
- Metallb fix

[1.5.0-11.alpha]
- Remove module directories when olcne rpm is uninstalled

[1.5.0-10.alpha]
- OCI CCM 0.13.0

[1.5.0-9.alpha]
- Reworked log messages

[1.5.0-8.alpha]
- Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)

[1.5.0-7.alpha]
- Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)

[1.5.0-6.alpha]
- Update to k8s 1.22 with golang 1.17

[1.5.0-5.alpha]
- Update internal docs for oci-ccm module

[1.5.0-4.alpha]
- Extend oci-ccm module to support load balancer

[1.5.0-3.alpha]
- Firewall pre-req

[1.5.0-2.alpha]
- Ensure that config map settings needed by metallb is preserved during k8s upgrade

[1.5.0-1.alpha]
- Metallb module

[1.4.1-14]
- Added 1.4 extra images to registry-image-helper.sh script

[1.4.1-13]
- Update sudoers file and changed its permissions to '0440'

[1.4.1-12]
- Update olcne-kubernetes.md file for 'compact' flag

[1.4.1-11]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file

[1.4.1-10]
- Ensure that old olcnectl config files are upgraded

[1.4.1-9]
- Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation

[1.4.1-8]
- Make 'compact' flag updatable

[1.4.1-7]
- Introduce 'compact' that enables control-plane nodes to run any workloads

[1.4.1-6]
- Ability to label 1 or more kubernetes nodes

[1.4.1-5]
- Fixed a bug where specifying a port in the container-registry argument
to the Kubernetes module would result in pods not being able to start.

[1.4.1-4]
- Update helm to 3.7.1

[1.4.1-3]
- Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11

[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode

[1.4.0-4]
- Fix bug in initialising certs manager when environment name not mentioned

[1.4.0-3]
- Fix bug in fetching report for multi-environment

[1.4.0-2]
- Pause image is 3.4.1

[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature

[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image

[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007

[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.3.0-10]
- Fixed missing double semicolon in registry image helper

[1.3.0-9]


Related CVEs


CVE-2022-3294
CVE-2022-3162

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (x86_64) kubernetes-1.22.16-1.el7.src.rpmd6c5f53cc93c1c27b893c54303c1acb79e961df5d2b317f9addd7ece17b47af4ELSA-2024-12329ol7_x86_64_olcne15
kubernetes-1.23.14-1.el7.src.rpmeddc6641cec21d8c8b4f131777689fc1df519c0beb0aac33309b9dffe3122af0ELSA-2024-12329ol7_x86_64_olcne15
kubernetes-1.24.8-1.el7.src.rpm71122fe4ecbbecd705ff9b8117659cd75d32a24e08d5aeed428f676335d76310ELSA-2024-12329ol7_x86_64_olcne15
olcne-1.5.8-4.el7.src.rpm50aae3165dbf033cd8ff05424e5aa9eb255399c878820c40cfdde2d0627cd834ELSA-2024-12329ol7_x86_64_olcne15
kubeadm-1.22.16-1.el7.x86_64.rpmadfec2096a8e600909d9f23b0d428dfb8ec0517779fec7a7fd0aea4e26f26f66ELSA-2024-12329ol7_x86_64_olcne15
kubeadm-1.23.14-1.el7.x86_64.rpm6c87eb47ba3c52b521af1a6bf64c453cdff7d8df6404fb713ccf95d9648614bdELSA-2024-12329ol7_x86_64_olcne15
kubeadm-1.24.8-1.el7.x86_64.rpm44eed6e77f73d1f5265ca66540b07aba636f4d0c436937a4d1edf75ba503c008ELSA-2024-12329ol7_x86_64_olcne15
kubectl-1.22.16-1.el7.x86_64.rpm3144975e5373b9828fdbb635ad4c4a302ea9ddc6901a9b8546dd7ab1c9547a56ELSA-2024-12329ol7_x86_64_olcne15
kubectl-1.23.14-1.el7.x86_64.rpm2668e79682a86cf81b2b558fef50e9b2622bd99b6ba7b5e947e5f6bee34080f7ELSA-2024-12329ol7_x86_64_olcne15
kubectl-1.24.8-1.el7.x86_64.rpmb4bd1930ea1891db35d285ae02dcabaaa6c06b299834dfd6fff7cd85044f8a98ELSA-2024-12329ol7_x86_64_olcne15
kubelet-1.22.16-1.el7.x86_64.rpm3dc67d7f19b20d038131fea79efc815a8c167dc4fd3188e24596b515e129551eELSA-2024-12329ol7_x86_64_olcne15
kubelet-1.23.14-1.el7.x86_64.rpm653603a959d5bcb1060e9769afdaf9ff4d5b24d892b3bfc8bac82b4c0e171eb1ELSA-2024-12329ol7_x86_64_olcne15
kubelet-1.24.8-1.el7.x86_64.rpm1fc3512d413a16af64f326c05d13933fa07a8f0cec1699aac40cb9e8ed031f53ELSA-2024-12329ol7_x86_64_olcne15
olcne-agent-1.5.8-4.el7.x86_64.rpm986f411a882d13ed4defe940472e6c129409834c4743ce9da32af854da9b7f11ELSA-2024-12329ol7_x86_64_olcne15
olcne-api-server-1.5.8-4.el7.x86_64.rpm42bd49b93252fcd5f51bb9b18695945da02cffbf703dd5e5a54f3c37f6e278a2ELSA-2024-12329ol7_x86_64_olcne15
olcne-gluster-chart-1.5.8-4.el7.x86_64.rpmd5a833840a7a2fe6b846cec09ccef0714c2bdd606d95c915fc4efef054a0b2f1ELSA-2024-12329ol7_x86_64_olcne15
olcne-grafana-chart-1.5.8-4.el7.x86_64.rpmc28c87293bb5e16c474459960ccc4e959217fb536eeee9ed33463ee9599bd583ELSA-2024-12329ol7_x86_64_olcne15
olcne-istio-chart-1.5.8-4.el7.x86_64.rpm463458fd2541f17ec29e97116f96ee9199ba0415680075c4486d1ad76923ed2dELSA-2024-12329ol7_x86_64_olcne15
olcne-metallb-chart-1.5.8-4.el7.x86_64.rpm1022a3625cf0f03e94eec7ab392f204434f01482360a2f8bbc39aa5ce46a66b5ELSA-2024-12329ol7_x86_64_olcne15
olcne-nginx-1.5.8-4.el7.x86_64.rpmc4dd6051eaa300f4db5a1e55841776146a9e39ab52d1532b7af7ed966721c10aELSA-2024-12329ol7_x86_64_olcne15
olcne-oci-ccm-chart-1.5.8-4.el7.x86_64.rpmdd3468fb94923ac5bffdd8dd5e7063a34ce033b8294d889c3a315aa05120d36cELSA-2024-12329ol7_x86_64_olcne15
olcne-olm-chart-1.5.8-4.el7.x86_64.rpm5ae0ed810d48500502ec345670303880d0f6ce194e61e7706ed5f89bfaeea663ELSA-2024-12329ol7_x86_64_olcne15
olcne-prometheus-chart-1.5.8-4.el7.x86_64.rpm2ff3b7824506dac6b1d3c39ecee867f949fa09cf8651b465a66c64e2718ec79fELSA-2024-12329ol7_x86_64_olcne15
olcne-utils-1.5.8-4.el7.x86_64.rpm03f1814781a1de6041d8e9c5b59012eef5d796ed95479630ad9bb2df8ffa68f8ELSA-2024-12329ol7_x86_64_olcne15
olcnectl-1.5.8-4.el7.x86_64.rpmb1790ae523aadc6cda714b6238c9a6e7b85902d137e4199f101361f819a80dc0ELSA-2024-12329ol7_x86_64_olcne15



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete