Описание
ELSA-2022-9854: kubernetes security update (IMPORTANT)
kubernetes [1.21.14-2]
- Fixed kubernetes-cni version.
[1.21.14-1]
- Addresses CVE-2022-3172
olcne [1.4.8-2]
- Updated Kubernetes package release version to 1.21.6-2
[1.4.8-1]
- Upgraded kubernetes-1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
[1.4.7-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045
[1.4.6-2]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
- Update gen-certs-helper script to skip printing olcne_transfer_script execution
- Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname
[1.4.6-1]
- Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227
[1.4.5-1]
- Address qemu CVE-2022-26353, CVE-2021-3748
[1.4.4-1]
- Excluded unnecessary directories from k8s backup files
[1.4.3-1]
- Update Istio to 1.13.2
[1.4.2-1]
- Added 1.4 extra images to registry-image-helper.sh script
[1.4.1-4]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file
- Ensure that old olcnectl config files are upgraded
[1.4.1-3]
- Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start.
[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode
[1.4.1-1]
- Fix bug in initialising certs manager when environment name not mentioned
[1.4.0-3]
- Fix bug in fetching report for multi-environment
[1.4.0-2]
- Pause image is 3.4.1
[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature
[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image
[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007
[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
[1.3.0-10]
- Fixed missing double semicolon in registry image helper
[1.3.0-9]
Обновленные пакеты
Oracle Linux 8
Oracle Linux x86_64
kubeadm
1.21.14-2.el8
kubectl
1.21.14-2.el8
kubelet
1.21.14-2.el8
olcne-agent
1.4.8-2.el8
olcne-api-server
1.4.8-2.el8
olcne-gluster-chart
1.4.8-2.el8
olcne-grafana-chart
1.4.8-2.el8
olcne-istio-chart
1.4.8-2.el8
olcne-nginx
1.4.8-2.el8
olcne-oci-csi-chart
1.4.8-2.el8
olcne-olm-chart
1.4.8-2.el8
olcne-prometheus-chart
1.4.8-2.el8
olcne-utils
1.4.8-2.el8
olcnectl
1.4.8-2.el8
Связанные CVE
Связанные уязвимости
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
A security issue was discovered in kube-apiserver that allows an aggr ...