ELSA-2024-12347

Published: 26 Apr 2024
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2024-12347: cri-o security update (IMPORTANT)

cri-o [1.26.4-2]

  • Address CVE-2024-24786

cri-tools [1.26.1-5]

  • Address CVE-2024-24786

etcd [3.5.10-3]

  • Address protobuf [CVE-2024-24786]

[3.5.10-1]

  • Added Oracle specific build files

istio [1.17.8-3]

  • Address protobuf [CVE-2024-24786]
  • Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327

kubernetes [1.26.15-1]

  • Added Oracle specific build files for Kubernetes

olcne [1.7.7-2]

  • Fixed unable to deploy new module(s) using config file containing already existing modules
  • Update Istio-1.17.8 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
  • Update Kubernetes-1.26.15 and components to address CVE-2024-24786

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • etcd: 3.5.10-3.el9

Oracle Linux x86_64

  • cri-o: 1.26.4-2.el9
  • cri-tools: 1.26.1-5.el9
  • etcd: 3.5.10-3.el9
  • istio: 1.17.8-3.el9
  • istio-istioctl: 1.17.8-3.el9
  • kubeadm: 1.26.15-1.el9
  • kubectl: 1.26.15-1.el9
  • kubelet: 1.26.15-1.el9
  • olcne-agent: 1.7.7-2.el9
  • olcne-api-server: 1.7.7-2.el9
  • olcne-calico-chart: 1.7.7-2.el9
  • olcne-gluster-chart: 1.7.7-2.el9
  • olcne-grafana-chart: 1.7.7-2.el9
  • olcne-istio-chart: 1.7.7-2.el9
  • olcne-kubevirt-chart: 1.7.7-2.el9
  • olcne-metallb-chart: 1.7.7-2.el9
  • olcne-multus-chart: 1.7.7-2.el9
  • olcne-nginx: 1.7.7-2.el9
  • olcne-oci-ccm-chart: 1.7.7-2.el9
  • olcne-olm-chart: 1.7.7-2.el9
  • olcne-prometheus-chart: 1.7.7-2.el9
  • olcne-rook-chart: 1.7.7-2.el9
  • olcne-utils: 1.7.7-2.el9
  • olcnectl: 1.7.7-2.el9

Related CVEs

Related vulnerabilities

oracle-oval
more than 1 year ago

ELSA-2024-12348: cri-o security update (IMPORTANT)

oracle-oval
more than 1 year ago

ELSA-2024-12329: cri-o security update (IMPORTANT)

oracle-oval
more than 1 year ago

ELSA-2024-12328: cri-o security update (IMPORTANT)

CVSS3: 7.5
redhat
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.5
nvd
more than 1 year ago

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.