Описание
ELSA-2024-12226: conmon security update (IMPORTANT)
conmon [2.1.3-8]
- address CVE-2023-39326
cri-o [1.26.4-1]
- Added Oracle Specific Files for cri-o
- Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185
- Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0
cri-tools [1.26.1-4]
- Address CVE-2023-39326
etcd [3.5.9-3]
- Address CVE-2023-39326 by upgrading golang to version 1.20.12
flannel-cni-plugin [1.2.0-3]
- Build for aarch64
[1.2.0-2]
- Rebuild with golang 1.20.12
[1.2.0-1]
- Added Oracle specific build files for Flannel CNI Plugins
- Address CVE-2023-44487 and CVE-2023-39325
helm [3.12.0-4]
- address CVE-2023-39326 by updating golang version to 1.20.12
istio [1.17.8-2]
- Address CVE-2023-39326
kata [1.12.1-17]
- Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview)
[1.12.1-16]
- Rebuild with golang 1.20.12
[1.12.1-15]
- Updated for kubernetes 1.27 and 1.28
kata-agent [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kata-image [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kata-ksm-throttler [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kata-proxy [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kata-runtime [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kata-shim [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326
kubernetes [1.26.10-3]
- Build with golang 1.20.12
kubernetes-cni [1.1.2-4]
- Address CVE-2023-39326, update golang version to 1.20.12
kubernetes-cni-plugins [1.2.0-6]
- Rebuild with golang 1.20.12
[1.2.0-5]
- update flannel-cni-plugin to 1.2.0
kubevirt [0.58.0-5]
- Updated to address CVE-2023-39326
olcne [1.7.6-5]
- Fix OLM upgrade failure
[1.7.6-4]
- Fixed unable to deploy new module(s) using config file containing already existing modules
[1.7.6-2]
- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command
[1.7.6-1]
- Update kubernetes and components to address golang CVE-2023-39326
- Update istio and components to address golang CVE-2023-39326
- Update metallb, multus-cni, kubevirt, module-operator, calico, rook to address golang CVE-2023-39326
- Update cri-o to 1.26-4 patched
- add conmon resource to kubernetes module
[1.7.5-22]
- Fix OLM upgrade failure - same version upgrade
[1.7.5-21]
- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace
[1.7.5-20]
- Update module-operator to address CVE-2023-39326
[1.7.5-19]
- Updated kubevirt 0.58.0 to address CVE-2023-39326
[1.7.5-18]
- Back port rebuild of calico 3.25.1
yq [4.34.1-4]
- Update Golang to 1.20.12 to address CVE-2023-39326
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
conmon
2.1.3-8.el8
etcd
3.5.9-3.el8
flannel-cni-plugin
1.2.0-3.el8
helm
3.12.0-4.el8
kata
1.12.1-17.el8
kata-agent
1.12.1-11.el8
kata-image
1.12.1-11.11.ol8_202312212317
kata-ksm-throttler
1.12.1-11.el8
kata-proxy
1.12.1-11.el8
kata-runtime
1.12.1-11.el8
kata-shim
1.12.1-11.el8
kubernetes-cni
1.1.2-4.el8
kubernetes-cni-plugins
1.2.0-6.el8
yq
4.34.1-4.el8
Oracle Linux x86_64
conmon
2.1.3-8.el8
cri-o
1.26.4-1.el8
cri-tools
1.26.1-4.el8
etcd
3.5.9-3.el8
flannel-cni-plugin
1.2.0-3.el8
helm
3.12.0-4.el8
istio
1.17.8-2.el8
istio-istioctl
1.17.8-2.el8
kata
1.12.1-17.el8
kata-agent
1.12.1-11.el8
kata-image
1.12.1-11.11.ol8_202312212317
kata-ksm-throttler
1.12.1-11.el8
kata-proxy
1.12.1-11.el8
kata-runtime
1.12.1-11.el8
kata-shim
1.12.1-11.el8
kubeadm
1.26.10-3.el8
kubectl
1.26.10-3.el8
kubelet
1.26.10-3.el8
kubernetes-cni
1.1.2-4.el8
kubernetes-cni-plugins
1.2.0-6.el8
olcne-agent
1.7.6-5.el8
olcne-api-server
1.7.6-5.el8
olcne-calico-chart
1.7.6-5.el8
olcne-gluster-chart
1.7.6-5.el8
olcne-grafana-chart
1.7.6-5.el8
olcne-istio-chart
1.7.6-5.el8
olcne-kubevirt-chart
1.7.6-5.el8
olcne-metallb-chart
1.7.6-5.el8
olcne-multus-chart
1.7.6-5.el8
olcne-nginx
1.7.6-5.el8
olcne-oci-ccm-chart
1.7.6-5.el8
olcne-olm-chart
1.7.6-5.el8
olcne-prometheus-chart
1.7.6-5.el8
olcne-rook-chart
1.7.6-5.el8
olcne-utils
1.7.6-5.el8
olcnectl
1.7.6-5.el8
virtctl
0.58.0-5.el8
yq
4.34.1-4.el8
Связанные CVE
Связанные уязвимости
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver r ...
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.