[ELSA-2020-5766] Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update
kernel-uek-container
[4.14.35-1902.303.5.3.el7]
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]
[4.14.35-1902.303.5.2.el7]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]
[4.14.35-1902.303.5.1.el7]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}
[4.14.35-1902.303.5.el7]
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]
[4.14.35-1902.303.4.el7]
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]
- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]
kata-image
[1.7.3-1.0.5.1]
- Address Kata CVE 2023
kata-runtime
[1.7.3-1.0.5]
- Address Kata CVE-2020-2023
- Address Kata CVE-2020-2024
- Address Kata CVE-2020-2025
- Address Kata CVE-2020-2026
kata
[1.7.3-1.0.7]
- Address CVE-2020-2023
- Address CVE-2020-2024
- Address CVE-2020-2025
- Address CVE-2020-2026
kubernetes
[1.14.9-1.0.6]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
[1.14.9-1.0.5]
- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026
olcne
[1.0.5-3]
- update registry image mirroring script
[1.0.5-2]
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- Update bootstrap scripts
[1.0.5-1]
- Update Kata Containers to address CVEs 2020-2023 thru 2020-2026
| Package | Affected Version |
|---|---|
 pkg:rpm/oraclelinux/olcnectl?distro=oraclelinux-7
|
< 1.0.5-3.el7 |
|
pkg:rpm/oraclelinux/olcne-utils?distro=oraclelinux-7
|
< 1.0.5-3.el7 |
|
pkg:rpm/oraclelinux/olcne-nginx?distro=oraclelinux-7
|
< 1.0.5-3.el7 |
|
pkg:rpm/oraclelinux/olcne-api-server?distro=oraclelinux-7
|
< 1.0.5-3.el7 |
|
pkg:rpm/oraclelinux/olcne-agent?distro=oraclelinux-7
|
< 1.0.5-3.el7 |
|
pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7
|
< 1.14.9-1.0.6.el7 |
|
pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7
|
< 1.14.9-1.0.6.el7 |
|
pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7
|
< 1.14.9-1.0.6.el7 |
|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7
|
< 4.14.35-1902.303.5.3.el7 |
|
pkg:rpm/oraclelinux/kata?distro=oraclelinux-7
|
< 1.7.3-1.0.7.el7 |
|
pkg:rpm/oraclelinux/kata-runtime?distro=oraclelinux-7
|
< 1.7.3-1.0.5.el7 |
|
pkg:rpm/oraclelinux/kata-image
|
< 1.7.3-1.0.5.1.ol7_202007011859 |
- ID
- ELSA-2020-5766
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5766.html
- Published
-
2020-07-22T00:00:00
(4 years ago) - Modified
-
2020-07-22T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
ALPINE:CVE-2020-8557
FEDORA-2020-15a1bde727
GO-2024-2748| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2020-5766 |
|
|
| CVE | CVE-2020-8557 |
|
|
| CVE | CVE-2020-2024 |
|
|
| CVE | CVE-2020-2026 |
|
|
| CVE | CVE-2020-2025 |
|
|
| CVE | CVE-2020-8559 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/olcnectl?distro=oraclelinux-7 | oraclelinux |
olcnectl
|
< 1.0.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/olcne-utils?distro=oraclelinux-7 | oraclelinux |
olcne-utils
|
< 1.0.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/olcne-nginx?distro=oraclelinux-7 | oraclelinux |
olcne-nginx
|
< 1.0.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/olcne-api-server?distro=oraclelinux-7 | oraclelinux |
olcne-api-server
|
< 1.0.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/olcne-agent?distro=oraclelinux-7 | oraclelinux |
olcne-agent
|
< 1.0.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 | oraclelinux |
kubelet
|
< 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 | oraclelinux |
kubectl
|
< 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 | oraclelinux |
kubeadm
|
< 1.14.9-1.0.6.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux |
kernel-uek-container
|
< 4.14.35-1902.303.5.3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kata?distro=oraclelinux-7 | oraclelinux |
kata
|
< 1.7.3-1.0.7.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kata-runtime?distro=oraclelinux-7 | oraclelinux |
kata-runtime
|
< 1.7.3-1.0.5.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kata-image | oraclelinux |
kata-image
|
< 1.7.3-1.0.5.1.ol7_202007011859 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |