1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2022-9855

[ELSA-2022-9855] kubernetes security update

Severity Important
Affected Packages 18
CVEs 1
Info Packages References Vulnerabilities

kubernetes
[1.22.14-1]
- Added Oracle specific build files for Kubernetes

kubernetes
[1.23.11-1]
- Added Oracle specific build files for Kubernetes

olcne
[1.5.6-1]
- Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
- Resolve Kubernetes CVE-2022-3172 for version 1.22
- Resolve Kubernetes CVE-2022-3172 for version 1.23

[1.5.5-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045

[1.5.4-3]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over

[1.5.4-2]
- Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227

[1.5.4-1]
- Upgrade Kubernetes to 1.23.7

[1.5.3-1]
- Address qemu CVE-2022-26353, CVE-2021-3748

[1.5.2-1]
- Excluded unnecessary directories from k8s backup files

[1.5.1-1]
- Fixed the bug in fetching node metadata for non-cloud nodes

[1.5.0-2]
- Upgrade Helm to 3.7.1-2

[1.5.0-2]
- fix null pointer exception in systemd service state validation

[1.5.0-1]
- Introduce support for compact Kubernetes clusters
- Introduce MetalLB
- Introduce Oracle Cloud Infrastructure Cloud Controller Manager
- Improved log messages in Platform API Server and Platform Agent
- Upgrade Kubernetes to 1.22.8
- Upgrade Istio to 1.13.2
- Renamed the oci-csi module to oci-ccm

[1.5.0-20.alpha]
- Update istio-1.13.2 grafana to 7.5.15

[1.5.0-14.alpha]
- Metallb fix

[1.5.0-11.alpha]
- Remove module directories when olcne rpm is uninstalled

[1.5.0-10.alpha]
- OCI CCM 0.13.0

[1.5.0-9.alpha]
- Reworked log messages

[1.5.0-8.alpha]
- Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)

[1.5.0-7.alpha]
- Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)

[1.5.0-6.alpha]
- Update to k8s 1.22 with golang 1.17

[1.5.0-5.alpha]
- Update internal docs for oci-ccm module

[1.5.0-4.alpha]
- Extend oci-ccm module to support load balancer

[1.5.0-3.alpha]
- Firewall pre-req

[1.5.0-2.alpha]
- Ensure that config map settings needed by metallb is preserved during k8s upgrade

[1.5.0-1.alpha]
- Metallb module

[1.4.1-14]
- Added 1.4 extra images to registry-image-helper.sh script

[1.4.1-13]
- Update sudoers file and changed its permissions to '0440'

[1.4.1-12]
- Update olcne-kubernetes.md file for 'compact' flag

[1.4.1-11]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file

[1.4.1-10]
- Ensure that old olcnectl config files are upgraded

[1.4.1-9]
- Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation

[1.4.1-8]
- Make 'compact' flag updatable

[1.4.1-7]
- Introduce 'compact' that enables control-plane nodes to run any workloads

[1.4.1-6]
- Ability to label 1 or more kubernetes nodes

[1.4.1-5]
- Fixed a bug where specifying a port in the container-registry argument
to the Kubernetes module would result in pods not being able to start.

[1.4.1-4]
- Update helm to 3.7.1

[1.4.1-3]
- Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11

[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode

[1.4.0-4]
- Fix bug in initialising certs manager when environment name not mentioned

[1.4.0-3]
- Fix bug in fetching report for multi-environment

[1.4.0-2]
- Pause image is 3.4.1

[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature

[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image

[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007

[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.3.0-10]
- Fixed missing double semicolon in registry image helper

[1.3.0-9]

Package Affected Version
pkg:rpm/oraclelinux/olcnectl?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-utils?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-prometheus-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-olm-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-oci-ccm-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-nginx?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-metallb-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-istio-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-grafana-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-gluster-chart?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-api-server?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/olcne-agent?distro=oraclelinux-7 < 1.5.6-1.el7
pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 < 1.22.14-1.el7
pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 < 1.23.11-1.el7
pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 < 1.22.14-1.el7
pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 < 1.23.11-1.el7
pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 < 1.22.14-1.el7
pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 < 1.23.11-1.el7
ID
ELSA-2022-9855
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2022-9855.html
Published
2022-10-03T00:00:00
(23 months ago)
Modified
2022-10-03T00:00:00
(23 months ago)
Rights
Copyright 2022 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/olcnectl?distro=oraclelinux-7 oraclelinux olcnectl < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-utils?distro=oraclelinux-7 oraclelinux olcne-utils < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-prometheus-chart?distro=oraclelinux-7 oraclelinux olcne-prometheus-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-olm-chart?distro=oraclelinux-7 oraclelinux olcne-olm-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-oci-ccm-chart?distro=oraclelinux-7 oraclelinux olcne-oci-ccm-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-nginx?distro=oraclelinux-7 oraclelinux olcne-nginx < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-metallb-chart?distro=oraclelinux-7 oraclelinux olcne-metallb-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-istio-chart?distro=oraclelinux-7 oraclelinux olcne-istio-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-grafana-chart?distro=oraclelinux-7 oraclelinux olcne-grafana-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-gluster-chart?distro=oraclelinux-7 oraclelinux olcne-gluster-chart < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-api-server?distro=oraclelinux-7 oraclelinux olcne-api-server < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/olcne-agent?distro=oraclelinux-7 oraclelinux olcne-agent < 1.5.6-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 oraclelinux kubelet < 1.22.14-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubelet?distro=oraclelinux-7 oraclelinux kubelet < 1.23.11-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 oraclelinux kubectl < 1.22.14-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubectl?distro=oraclelinux-7 oraclelinux kubectl < 1.23.11-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 oraclelinux kubeadm < 1.22.14-1.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kubeadm?distro=oraclelinux-7 oraclelinux kubeadm < 1.23.11-1.el7 oraclelinux-7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date