ELSA-2020-5653

Published: 17 Apr 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-5653: olcne kubernetes security update (IMPORTANT)

olcne [1.0.3-1]

  • updated the default Kubernetes version to 1.14.9

kubernetes [1.14.9-1.0.3]

  • [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads

[1.14.9-1.0.2]

  • Use bounded crio version

[1.14.9-1.0.1]

  • Added Oracle specific build files for Kubernetes

cri-o [1.14.7-1.0.5]

  • Enhance versioning detection

[1.14.7-1.0.4]

  • Golang CVE-2019-16276

[1.14.7-1.0.3]

  • added THIRD_PARTY_LICENSES.txt file

[1.14.7-1.0.2]

  • moved to semantic versioning for Release

[1.14.7-1]

  • Added Oracle Specific Files for cri-o

cri-tools [1.14.0-1.0.5]

  • Enhance versioning to support rpm Provides

[1.14.0-1.0.4]

  • Golang CVE-2019-16276

[1.14.0-1.0.3]

  • added THIRD_PARTY_LICENSES.txt file

[1.14.0-1.0.2]

  • moved to semantic versioning for Release and added Url

[1.14.0-1]

  • Added Oracle Specific Build Files for cri-tools

Updated packages

Oracle Linux 7

Oracle Linux x86_64

conmon            1.14.7-1.0.7.el7
cri-o             1.14.7-1.0.7.el7
cri-tools         1.14.0-1.0.5.el7
kubeadm           1.14.9-1.0.3.el7
kubectl           1.14.9-1.0.3.el7
kubelet           1.14.9-1.0.3.el7
olcne-agent       1.0.3-1.el7
olcne-api-server  1.0.3-1.el7
olcne-nginx       1.0.3-1.el7
olcne-utils       1.0.3-1.el7
olcnectl          1.0.3-1.el7

Related CVEs

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 5 years ago

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

CVSS3: 6.5
redhat
about 5 years ago

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

CVSS3: 6.5
nvd
about 5 years ago

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

CVSS3: 6.5
debian
about 5 years ago

The Kubernetes API Server component in versions 1.1-1.14, and versions ...

CVSS3: 6.5
github
more than 3 years ago

Excessive Platform Resource Consumption within a Loop in Kubernetes