Описание
ELSA-2020-5727: kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update (IMPORTANT)
kubernetes-cni-plugins [0.8.6-1.0.1]
- Added Oracle specific build files for Kubernetes CNI Plugins
kubernetes-cni [0.7.1-1.0.1]
- Added Oracle specific build files for Kubernetes CNI
kubernetes [1.14.9-1.0.4]
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
[1.14.9-1.0.3]
- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads
[1.14.9-1.0.2]
- Use bounded crio version
[1.14.9-1.0.1]
- Added Oracle specific build files for Kubernetes
olcne [1.0.4-1]
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
kubeadm
1.14.9-1.0.4.el7
kubectl
1.14.9-1.0.4.el7
kubelet
1.14.9-1.0.4.el7
kubernetes-cni
0.7.1-1.0.1.el7
kubernetes-cni-plugins
0.8.6-1.0.2.el7
olcne-agent
1.0.4-2.el7
olcne-api-server
1.0.4-2.el7
olcne-nginx
1.0.4-2.el7
olcne-utils
1.0.4-2.el7
olcnectl
1.0.4-2.el7
Связанные CVE
Связанные уязвимости
ELSA-2020-5725: kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update (IMPORTANT)
ELSA-2020-5726: grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update (IMPORTANT)
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).