
ELSA-2024-12328

Published: 16 Apr 2024
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2024-12328: cri-o security update (IMPORTANT)

cri-o [1.25.5-2]

  • Address CVE-2024-24786

cri-tools [1.25.0-4]

  • Address CVE-2024-24786

etcd [3.5.9-4]

  • Address protobuf [CVE-2024-24786]

[3.5.9-3]

  • Address CVE-2023-39326 by upgrading golang to version 1.20.12

istio [1.16.7-4]

  • Address protobuf [CVE-2024-24786]
  • Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327

kubernetes [1.25.16-2]

  • Fixed CoreDNS version check

[1.25.16-1]

  • Added Oracle specific build files for Kubernetes

olcne [1.6.7-3]

  • Fixed unable to deploy new module(s) using config file containing already existing modules
  • Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327

Updated packages

Oracle Linux 8

Oracle Linux x86_64

cri-o                    1.25.5-2.el8
cri-tools                1.25.0-4.el8
etcd                     3.5.9-4.el8
istio                    1.16.7-4.el8
istio-istioctl           1.16.7-4.el8
kubeadm                  1.25.16-2.el8
kubectl                  1.25.16-2.el8
kubelet                  1.25.16-2.el8
olcne-agent              1.6.7-3.el8
olcne-api-server         1.6.7-3.el8
olcne-calico-chart       1.6.7-3.el8
olcne-gluster-chart      1.6.7-3.el8
olcne-grafana-chart      1.6.7-3.el8
olcne-istio-chart        1.6.7-3.el8
olcne-metallb-chart      1.6.7-3.el8
olcne-multus-chart       1.6.7-3.el8
olcne-nginx              1.6.7-3.el8
olcne-oci-ccm-chart      1.6.7-3.el8
olcne-olm-chart          1.6.7-3.el8
olcne-prometheus-chart   1.6.7-3.el8
olcne-utils              1.6.7-3.el8
olcnectl                 1.6.7-3.el8

Related CVEs

Related vulnerabilities

oracle-oval
about 1 year ago

ELSA-2024-12348: cri-o security update (IMPORTANT)

oracle-oval
about 1 year ago

ELSA-2024-12347: cri-o security update (IMPORTANT)

oracle-oval
about 1 year ago

ELSA-2024-12329: cri-o security update (IMPORTANT)

CVSS3: 7.5
redhat
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.5
nvd
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.