ELSA-2021-9029

Published: 10 Feb 2021
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2021-9029: olcne security update (IMPORTANT)

kata-runtime [1.7.3-1.0.7]

  • Address CVE-2020-28914

kata [1.7.3-1.0.12]

  • UEKR6 guest kernel support

[1.7.3-1.0.11]

  • Address CVE-2020-28914

kubernetes [1.17.9-1.0.6]

  • Kata CVE-2020-28914

olcne [1.1.10-1]

  • Address CVE-2020-28914: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5

[1.1.9-1]

  • Enhance the Kubernetes module to restrict the usage of external IPs
  • Address CVE-2020-8554: man-in-the-middle vulnerability using Kubernetes service External IPs

Updated packages

Oracle Linux 7

Oracle Linux x86_64

  • kata: 1.7.3-1.0.12.el7
  • kata-runtime: 1.7.3-1.0.7.el7
  • kubeadm: 1.17.9-1.0.6.el7
  • kubectl: 1.17.9-1.0.6.el7
  • kubelet: 1.17.9-1.0.6.el7
  • olcne-agent: 1.1.10-1.el7
  • olcne-api-server: 1.1.10-1.el7
  • olcne-istio-chart: 1.1.10-1.el7
  • olcne-nginx: 1.1.10-1.el7
  • olcne-prometheus-chart: 1.1.10-1.el7
  • olcne-utils: 1.1.10-1.el7
  • olcnectl: 1.1.10-1.el7

Related CVEs

Related vulnerabilities

oracle-oval
more than 4 years ago

ELSA-2021-9028: olcne security update (IMPORTANT)

CVSS3: 7.1
nvd
more than 4 years ago

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.

CVSS3: 6.3
ubuntu
more than 4 years ago

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CVSS3: 6.3
redhat
more than 4 years ago

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CVSS3: 6.3
nvd
more than 4 years ago

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.