ELSA-2024-12329

Published: 16 Apr 2024
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2024-12329: cri-o security update (IMPORTANT)

cri-o [1.25.5-2]

  • Address CVE-2024-24786

cri-tools [1.25.0-4]

  • Address CVE-2024-24786

etcd [3.5.9-4]

  • Address protobuf [CVE-2024-24786]

[3.5.9-3]

  • Address CVE-2023-39326 by upgrading golang to version 1.20.12

istio [1.16.7-4]

  • Address protobuf [CVE-2024-24786]
  • Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327

kubernetes [1.25.16-2]

  • Fixed CoreDNS version check

olcne [1.6.7-3]

  • Fixed unable to deploy new module(s) using config file containing already existing modules
  • Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
  • Update Kubernetes-1.25.16 and components to address CVE-2024-24786

Updated packages

Oracle Linux 7

Oracle Linux x86_64

Package                   Version
cri-o                     1.25.5-2.el7
cri-tools                 1.25.0-4.el7
etcd                      3.5.9-4.el7
istio                     1.16.7-4.el7
istio-istioctl            1.16.7-4.el7
kubeadm                   1.25.16-2.el7
kubectl                   1.25.16-2.el7
kubelet                   1.25.16-2.el7
olcne-agent               1.6.7-3.el7
olcne-api-server          1.6.7-3.el7
olcne-calico-chart        1.6.7-3.el7
olcne-gluster-chart       1.6.7-3.el7
olcne-grafana-chart       1.6.7-3.el7
olcne-istio-chart         1.6.7-3.el7
olcne-metallb-chart       1.6.7-3.el7
olcne-multus-chart        1.6.7-3.el7
olcne-nginx               1.6.7-3.el7
olcne-oci-ccm-chart       1.6.7-3.el7
olcne-olm-chart           1.6.7-3.el7
olcne-prometheus-chart    1.6.7-3.el7
olcne-utils               1.6.7-3.el7
olcnectl                  1.6.7-3.el7

Related CVEs

Related vulnerabilities

oracle-oval
about 1 year ago

ELSA-2024-12348: cri-o security update (IMPORTANT)

oracle-oval
about 1 year ago

ELSA-2024-12347: cri-o security update (IMPORTANT)

oracle-oval
about 1 year ago

ELSA-2024-12328: cri-o security update (IMPORTANT)

CVSS3: 7.5
redhat
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.5
nvd
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.