[ELSA-2020-5765] Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update
kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]
[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]
[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]
[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023
kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026
kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026
kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026
kubernetes
[1.17.9-1.0.1.el7]
- Added Oracle specific build files for Kubernetes
istio
[1.4.10-1.0.1]
- CVE-2020-15104:
Incorrect validation of wildcard DNS Subject Alternative Names
[1.4.10-1.0.0]
- Added Oracle Specific Build Files for istio/istio
olcne
[1.1.2-6]
- Include kata-runtime in the default template
[1.1.2-5]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.1.2-4]
- Update arguments added for istio module.
[1.1.2-3]
- Ensure Istio sidecar injector uses valid executable
[1.1.2-2]
- Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026
[1.1.2-1]
- Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10
- ID
- ELSA-2020-5765
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5765.html
- Published
-
2020-07-22T00:00:00
(4 years ago) - Modified
-
2020-07-22T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1404
- ALAS2-2020-1445
- ALPINE:CVE-2020-11080
- ALPINE:CVE-2020-8557
- ALPINE:CVE-2020-8559
- ALSA-2020:2755
- ALSA-2020:2848
- ALSA-2020:2852
- DSA-4696-1
- ELSA-2020-2755
- ELSA-2020-2848
- ELSA-2020-2852
- ELSA-2020-5766
- ELSA-2020-5767
- FEDORA-2020-15a1bde727
- FEDORA-2020-1af9cd8c87
- FEDORA-2020-2f5879aeb6
- FEDORA-2020-43d5a372fc
- FEDORA-2020-61fcf3ffc7
- FEDORA-2020-7a0b6071a4
- FEDORA-2020-c33083813d
- FEDORA-2020-f7d15c8b77
- FREEBSD:11FCFA8F-AC64-11EA-9DAB-000D3AB229D6
- FREEBSD:4BB56D2F-A5B0-11EA-A860-08002728F74C
- GO-2024-2748
- GO-2024-2753
- MS:CVE-2020-11080
- openSUSE-SU-2020:0802-1
- openSUSE-SU-2021:0468-1
- RHSA-2020:2755
- RHSA-2020:2848
- RHSA-2020:2852
- RLSA-2020:2755
- RLSA-2020:2848
- RLSA-2020:2852
- SUSE-SU-2020:1568-1
- SUSE-SU-2020:1575-1
- SUSE-SU-2020:1576-1
- SUSE-SU-2020:1606-1
- SUSE-SU-2020:2800-1
- SUSE-SU-2021:0930-1
- SUSE-SU-2021:0931-1
- SUSE-SU-2021:0932-1
- USN-6142-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-5765 | https://linux.oracle.com/errata/ELSA-2020-5765.html | |
CVE | CVE-2020-1764 | https://linux.oracle.com/cve/CVE-2020-1764.html | |
CVE | CVE-2020-15104 | https://linux.oracle.com/cve/CVE-2020-15104.html | |
CVE | CVE-2020-10739 | https://linux.oracle.com/cve/CVE-2020-10739.html | |
CVE | CVE-2020-2024 | https://linux.oracle.com/cve/CVE-2020-2024.html | |
CVE | CVE-2020-8557 | https://linux.oracle.com/cve/CVE-2020-8557.html | |
CVE | CVE-2020-2025 | https://linux.oracle.com/cve/CVE-2020-2025.html | |
CVE | CVE-2020-2026 | https://linux.oracle.com/cve/CVE-2020-2026.html | |
CVE | CVE-2020-11080 | https://linux.oracle.com/cve/CVE-2020-11080.html | |
CVE | CVE-2020-8559 | https://linux.oracle.com/cve/CVE-2020-8559.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/olcnectl?distro=oraclelinux-7 | oraclelinux | olcnectl | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-utils?distro=oraclelinux-7 | oraclelinux | olcne-utils | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-prometheus-chart?distro=oraclelinux-7 | oraclelinux | olcne-prometheus-chart | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-nginx?distro=oraclelinux-7 | oraclelinux | olcne-nginx | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-istio-chart?distro=oraclelinux-7 | oraclelinux | olcne-istio-chart | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-api-server?distro=oraclelinux-7 | oraclelinux | olcne-api-server | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/olcne-agent?distro=oraclelinux-7 | oraclelinux | olcne-agent | < 1.1.2-6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 | oraclelinux | kubelet | < 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 | oraclelinux | kubelet | < 1.17.9-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 | oraclelinux | kubectl | < 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 | oraclelinux | kubectl | < 1.17.9-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 | oraclelinux | kubeadm | < 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 | oraclelinux | kubeadm | < 1.17.9-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 4.14.35-1902.303.5.3.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kata?distro=oraclelinux-7 | oraclelinux | kata | < 1.7.3-1.0.7.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kata-runtime?distro=oraclelinux-7 | oraclelinux | kata-runtime | < 1.7.3-1.0.5.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kata-image | oraclelinux | kata-image | < 1.7.3-1.0.5.1.ol7_202007011859 | |||
Affected | pkg:rpm/oraclelinux/istio?distro=oraclelinux-7 | oraclelinux | istio | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-sidecar-injector?distro=oraclelinux-7 | oraclelinux | istio-sidecar-injector | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-proxy-init?distro=oraclelinux-7 | oraclelinux | istio-proxy-init | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-pilot-discovery?distro=oraclelinux-7 | oraclelinux | istio-pilot-discovery | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-pilot-agent?distro=oraclelinux-7 | oraclelinux | istio-pilot-agent | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-node-agent?distro=oraclelinux-7 | oraclelinux | istio-node-agent | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-mixs?distro=oraclelinux-7 | oraclelinux | istio-mixs | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-mixc?distro=oraclelinux-7 | oraclelinux | istio-mixc | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-istioctl?distro=oraclelinux-7 | oraclelinux | istio-istioctl | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-galley?distro=oraclelinux-7 | oraclelinux | istio-galley | < 1.4.10-1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/istio-citadel?distro=oraclelinux-7 | oraclelinux | istio-citadel | < 1.4.10-1.0.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |