ELSA-2022-10036
- ULN >
- Oracle Linux Errata repository >
- ELSA-2022-10036
ELSA-2022-10036 - kubernetes security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2022-11-29 |
Description
kubernetes
[1.22.16-1]
- Added Oracle specific build files for Kubernetes
- Add preBuildOL8Commands to Jenkinsfile
kubernetes
[1.23.14-1]
- Added Oracle specific build files for Kubernetes
kubernetes
[1.24.8-1]
- Added Oracle specific build files for Kubernetes
olcne
[1.5.8-4]
- Fix 1.21 kubernetes version to align with last upstream release
[1.5.8-3]
- Increase timeout value for update module
[1.5.8-2]
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21
[1.5.8-1]
- Improve error reporting and logging when using olcnectl provision
- Environment creation is now idempotent
[1.5.7-6]
- Unpinned podman for OL7
[1.5.7-5]
- Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5
[1.5.7-4]
- Upgraded helm-3.7.1 to 3.9.4
[1.5.7-3]
- Resolved kubernetes-1.22.14 upgrade issue
[1.5.7-2]
- Improve command and flag descriptions in olcnectl
- Automatically provision key material for the ExternalIP Webhook during olcnectl provision
- Ensure that olcnectl provision respects the desired SELinux configuration
[1.5.7-1]
- Upgrade Kubernetes to 1.24.5
- Upgrade Istio to 1.14.3
- Update OCI-CCM to 1.24.0 for kubernetes 1.24
- Update kubernetes-dashboard to v2.5.1
- Added support for custom profiles to the Istio module
- Added support for multiple instances of the Istio module with independent profiles
- Implemented automation within olcnectl for provisioning of Platform components
and modules for existing compute resources
[1.5.6-1]
- Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
- Resolve Kubernetes CVE-2022-3172 for version 1.22
- Resolve Kubernetes CVE-2022-3172 for version 1.23
[1.5.5-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045
[1.5.4-3]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
[1.5.4-2]
- Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227
[1.5.4-1]
- Upgrade Kubernetes to 1.23.7
[1.5.3-1]
- Address qemu CVE-2022-26353, CVE-2021-3748
[1.5.2-1]
- Excluded unnecessary directories from k8s backup files
[1.5.1-1]
- Fixed the bug in fetching node metadata for non-cloud nodes
[1.5.0-2]
- Upgrade Helm to 3.7.1-2
[1.5.0-2]
- fix null pointer exception in systemd service state validation
[1.5.0-1]
- Introduce support for compact Kubernetes clusters
- Introduce MetalLB
- Introduce Oracle Cloud Infrastructure Cloud Controller Manager
- Improved log messages in Platform API Server and Platform Agent
- Upgrade Kubernetes to 1.22.8
- Upgrade Istio to 1.13.2
- Renamed the oci-csi module to oci-ccm
[1.5.0-20.alpha]
- Update istio-1.13.2 grafana to 7.5.15
[1.5.0-14.alpha]
- Metallb fix
[1.5.0-11.alpha]
- Remove module directories when olcne rpm is uninstalled
[1.5.0-10.alpha]
- OCI CCM 0.13.0
[1.5.0-9.alpha]
- Reworked log messages
[1.5.0-8.alpha]
- Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)
[1.5.0-7.alpha]
- Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)
[1.5.0-6.alpha]
- Update to k8s 1.22 with golang 1.17
[1.5.0-5.alpha]
- Update internal docs for oci-ccm module
[1.5.0-4.alpha]
- Extend oci-ccm module to support load balancer
[1.5.0-3.alpha]
- Firewall pre-req
[1.5.0-2.alpha]
- Ensure that config map settings needed by metallb is preserved during k8s upgrade
[1.5.0-1.alpha]
- Metallb module
[1.4.1-14]
- Added 1.4 extra images to registry-image-helper.sh script
[1.4.1-13]
- Update sudoers file and changed its permissions to '0440'
[1.4.1-12]
- Update olcne-kubernetes.md file for 'compact' flag
[1.4.1-11]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file
[1.4.1-10]
- Ensure that old olcnectl config files are upgraded
[1.4.1-9]
- Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation
[1.4.1-8]
- Make 'compact' flag updatable
[1.4.1-7]
- Introduce 'compact' that enables control-plane nodes to run any workloads
[1.4.1-6]
- Ability to label 1 or more kubernetes nodes
[1.4.1-5]
- Fixed a bug where specifying a port in the container-registry argument
to the Kubernetes module would result in pods not being able to start.
[1.4.1-4]
- Update helm to 3.7.1
[1.4.1-3]
- Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11
[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode
[1.4.0-4]
- Fix bug in initialising certs manager when environment name not mentioned
[1.4.0-3]
- Fix bug in fetching report for multi-environment
[1.4.0-2]
- Pause image is 3.4.1
[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature
[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image
[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007
[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
[1.3.0-10]
- Fixed missing double semicolon in registry image helper
[1.3.0-9]
Related CVEs
| CVE-2022-3162 |
| CVE-2022-3294 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (x86_64) | kubernetes-1.22.16-1.el8.src.rpm | 8a35af81bc2d6269fe6c9af999981ee280b98190824c86a85171e21e25bf3f46 | - | ol8_x86_64_olcne15 |
| kubernetes-1.23.14-1.el8.src.rpm | 3d6a9f5441ffa8a7189d9e2d7e74937f42ac5ccc10d8509fc6a3c74144fb9d75 | - | ol8_x86_64_olcne15 | |
| kubernetes-1.24.8-1.el8.src.rpm | 9dcc665d8081ed358af23e66794a428c2f06dc2d8110c04e45b3a16d3438ed5c | - | ol8_x86_64_olcne15 | |
| olcne-1.5.8-4.el8.src.rpm | 02e2c2003c05b04ee1c088f4f3f9a6e9633cbfe2d6d95f156998c60db7dff583 | - | ol8_x86_64_olcne15 | |
| kubeadm-1.22.16-1.el8.x86_64.rpm | 2bb7acd7caaf3755a473d06312895dea796f5252442688c9740c422dcfa27b5c | - | ol8_x86_64_olcne15 | |
| kubeadm-1.23.14-1.el8.x86_64.rpm | 942a75fe8423450126ef5365094f637d39d6b3110b7e4aa27a18e6db5c3bc9aa | - | ol8_x86_64_olcne15 | |
| kubeadm-1.24.8-1.el8.x86_64.rpm | 364a52a62f0f28b801e7e1c030ed598397f8dc77851b223dec2f0904f6ba6697 | - | ol8_x86_64_olcne15 | |
| kubectl-1.22.16-1.el8.x86_64.rpm | 3fb5f3df9e3002dda8f5e977263cb68da2c2c19d63a9b7f798cabf1609834cfc | - | ol8_x86_64_olcne15 | |
| kubectl-1.23.14-1.el8.x86_64.rpm | 6cea70a77bf3050a4bf874eaf9c8311b76b0085ff0cd8a77610be1002c483f23 | - | ol8_x86_64_olcne15 | |
| kubectl-1.24.8-1.el8.x86_64.rpm | 408573441f91c0ce1cb06a352703b6518379c8048eb68b18ec131ab790cbb001 | - | ol8_x86_64_olcne15 | |
| kubelet-1.22.16-1.el8.x86_64.rpm | f0394a391527606a5b70ee058bf17d5c4b91d23acb61f499013d8258cbafc9e5 | - | ol8_x86_64_olcne15 | |
| kubelet-1.23.14-1.el8.x86_64.rpm | 7304c6d71d21d2890bf81cf0eb2223cb8d362dcc34c3a9fd29dde8e88325e052 | - | ol8_x86_64_olcne15 | |
| kubelet-1.24.8-1.el8.x86_64.rpm | 64ca26904465a1b41115577a39e3233742883e2636c098048345853670b83479 | - | ol8_x86_64_olcne15 | |
| olcne-agent-1.5.8-4.el8.x86_64.rpm | 854712dc09cccd3159658c33eeafc5efca3ed4d63af64dfe3bd4f0246b006690 | - | ol8_x86_64_olcne15 | |
| olcne-api-server-1.5.8-4.el8.x86_64.rpm | d07ad04cfba26d4b6fe64dc92605ebf4bc50574d6e293957e98bb1b08456d218 | - | ol8_x86_64_olcne15 | |
| olcne-gluster-chart-1.5.8-4.el8.x86_64.rpm | b2d5823fc6104b17b56bdc3379b82e414f6774e9ee03694f90542d1682b70104 | - | ol8_x86_64_olcne15 | |
| olcne-grafana-chart-1.5.8-4.el8.x86_64.rpm | fe4fd1cdb429aead015dc78bd69d23d584517b886b4251fc9b139254d8a0ac11 | - | ol8_x86_64_olcne15 | |
| olcne-istio-chart-1.5.8-4.el8.x86_64.rpm | da853ba6c97415dacf67def80f2897df3d36a0fc8cbb0805abac98b16e6c3932 | - | ol8_x86_64_olcne15 | |
| olcne-metallb-chart-1.5.8-4.el8.x86_64.rpm | 9603a156280c9b9ca47a696f9ec91827d2ed7ef486fbbf3655299ea96f045a8d | - | ol8_x86_64_olcne15 | |
| olcne-nginx-1.5.8-4.el8.x86_64.rpm | 94d52db40791ebdceec7aa7035cdaca4a703054b2045cc7a81fc0ed5571eedca | - | ol8_x86_64_olcne15 | |
| olcne-oci-ccm-chart-1.5.8-4.el8.x86_64.rpm | 082ca249aaedd69844e7555a1bb97a8ac73801a509f9b02d3ebc564d8a2959a8 | - | ol8_x86_64_olcne15 | |
| olcne-olm-chart-1.5.8-4.el8.x86_64.rpm | 117e6aa6813e6f48817e24dbd64455aad6782387e440337cf5216523ca4f8130 | - | ol8_x86_64_olcne15 | |
| olcne-prometheus-chart-1.5.8-4.el8.x86_64.rpm | e1394ae72d93d27193992ea8418aff398f5da9af86db7b1b27c59fb60515665a | - | ol8_x86_64_olcne15 | |
| olcne-utils-1.5.8-4.el8.x86_64.rpm | 4afca2598e73e34344059fbf15e460531a3abcbb5989f4cc38f916304181b4b2 | - | ol8_x86_64_olcne15 | |
| olcnectl-1.5.8-4.el8.x86_64.rpm | d134f451ad0a511b321c52e924921849204a2a5f8d84c835834e911e3023b23d | - | ol8_x86_64_olcne15 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
