Описание
ELSA-2021-9396: olcne security update (IMPORTANT)
olcne [1.2.4-5]
- Updated registry-image-helper.sh to work with olcne-utils
[1.2.4-4]
- Fix istio template for 1.9.6 for k8s update failure
[1.2.4-3]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
[1.2.4-2]
- Fix iptables issue when running on OL7 host using OL8 image
[1.2.4-1]
- Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
istio [1.9.6-2]
- Fix iptables issue when running on OL7 host using OL8 image
- Added istio-mixs and istio-mixc to Obsoletes list
[1.9.6-1]
- Address CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824
kubernetes [1.18.18-3]
- Fix iptables OL7 host kernel issue when running with OL8 image
[1.18.18-1]
- Address CVE-2021-27918
Обновленные пакеты
Oracle Linux 8
Oracle Linux x86_64
istio
1.9.6-2.el8
istio-istioctl
1.9.6-2.el8
istio-pilot-agent
1.9.6-2.el8
istio-pilot-discovery
1.9.6-2.el8
kubeadm
1.18.18-3.el8
kubectl
1.18.18-3.el8
kubelet
1.18.18-3.el8
olcne-agent
1.2.4-5.el8
olcne-api-server
1.2.4-5.el8
olcne-istio-chart
1.2.4-5.el8
olcne-nginx
1.2.4-5.el8
olcne-prometheus-chart
1.2.4-5.el8
olcne-utils
1.2.4-5.el8
olcnectl
1.2.4-5.el8
Ссылки на источники
Связанные уязвимости
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.