exploitDog

ELSA-2020-5766

Published: 22 Jul 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-5766: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update (IMPORTANT)

kernel-uek-container [4.14.35-1902.303.5.3.el7]

  • rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
  • Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
  • Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
  • Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]

[4.14.35-1902.303.5.2.el7]

  • rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]

[4.14.35-1902.303.5.1.el7]

  • x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
  • x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
  • x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
  • x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}

[4.14.35-1902.303.5.el7]

  • net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]

[4.14.35-1902.303.4.el7]

  • net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
  • rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
  • rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
  • xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]

kata-image [1.7.3-1.0.5.1]

  • Address Kata CVE 2023

kata-runtime [1.7.3-1.0.5]

  • Address Kata CVE-2020-2023
  • Address Kata CVE-2020-2024
  • Address Kata CVE-2020-2025
  • Address Kata CVE-2020-2026

kata [1.7.3-1.0.7]

  • Address CVE-2020-2023
  • Address CVE-2020-2024
  • Address CVE-2020-2025
  • Address CVE-2020-2026

kubernetes [1.14.9-1.0.6]

  • CVE-2020-8559: Privilege escalation from compromised node to cluster
  • CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

[1.14.9-1.0.5]

  • Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026

olcne [1.0.5-3]

  • update registry image mirroring script

[1.0.5-2]

  • CVE-2020-8559: Privilege escalation from compromised node to cluster
  • CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
  • Update bootstrap scripts

[1.0.5-1]

  • Update Kata Containers to address CVEs 2020-2023 thru 2020-2026

Updated packages

Oracle Linux 7

Oracle Linux x86_64

  • kata: 1.7.3-1.0.7.el7
  • kata-image: 1.7.3-1.0.5.1.ol7_202007011859
  • kata-runtime: 1.7.3-1.0.5.el7
  • kernel-uek-container: 4.14.35-1902.303.5.3.el7
  • kubeadm: 1.14.9-1.0.6.el7
  • kubectl: 1.14.9-1.0.6.el7
  • kubelet: 1.14.9-1.0.6.el7
  • olcne-agent: 1.0.5-3.el7
  • olcne-api-server: 1.0.5-3.el7
  • olcne-nginx: 1.0.5-3.el7
  • olcne-utils: 1.0.5-3.el7
  • olcnectl: 1.0.5-3.el7

Related vulnerabilities

oracle-oval
almost 5 years ago

ELSA-2020-5765: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update (IMPORTANT)

oracle-oval
almost 5 years ago

ELSA-2020-5767: kubernetes security update (IMPORTANT)

CVSS3: 5.5
ubuntu
almost 5 years ago

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

CVSS3: 5.5
redhat
almost 5 years ago

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

CVSS3: 5.5
nvd
almost 5 years ago

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.