exploitDog

ELSA-2023-12772

Published: 11 Sep 2023
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2023-12772: olcne security update (IMPORTANT)

istio [1.17.5-1]

  • Addresses CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944.

kubevirt [0.58.0-3]

  • Ensure that selinux build tags are set for all Go builds

olcne [1.7.2-3]

  • Modify kubevirt image tag to use virt-operator tag instead of kubevirt-version

[1.7.2-2]

  • Update kubevirt image versions fixing selinux=enforce not being supported

[1.7.2-1]

  • Add Istio-1.17.5 and Istio-1.16.7 to address CVEs
  • CVE-2023-35941
  • CVE-2023-35942
  • CVE-2023-35943
  • CVE-2023-35944

[1.7.0-10]

  • Remove worker-nodes enforcement from olcnectl provision

[1.7.0-9]

  • Add resolutions for jenkins build failures

Updated packages

Oracle Linux 8

Oracle Linux x86_64

Package                  Version
istio                    1.17.5-1.el8
istio-istioctl           1.17.5-1.el8
olcne-agent              1.7.2-3.el8
olcne-api-server         1.7.2-3.el8
olcne-calico-chart       1.7.2-3.el8
olcne-gluster-chart      1.7.2-3.el8
olcne-grafana-chart      1.7.2-3.el8
olcne-istio-chart        1.7.2-3.el8
olcne-kubevirt-chart     1.7.2-3.el8
olcne-metallb-chart      1.7.2-3.el8
olcne-multus-chart       1.7.2-3.el8
olcne-nginx              1.7.2-3.el8
olcne-oci-ccm-chart      1.7.2-3.el8
olcne-olm-chart          1.7.2-3.el8
olcne-prometheus-chart   1.7.2-3.el8
olcne-rook-chart         1.7.2-3.el8
olcne-utils              1.7.2-3.el8
olcnectl                 1.7.2-3.el8
virtctl                  0.58.0-3.el8

Related vulnerabilities

oracle-oval
about 2 years ago

ELSA-2023-12781: istio security update (IMPORTANT)

oracle-oval
about 2 years ago

ELSA-2023-12780: istio security update (IMPORTANT)

oracle-oval
about 2 years ago

ELSA-2023-12771: istio security update (IMPORTANT)

CVSS3: 6.5
redhat
about 2 years ago

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.

CVSS3: 6.5
nvd
about 2 years ago

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.