Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-3172) (Multiple Advisories): kubernetes security update

Back to Search

Oracle Linux: (CVE-2022-3172) (Multiple Advisories): kubernetes security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
10/03/2022
Created
10/06/2022
Added
10/04/2022
Modified
10/06/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-9854:

kubernetes [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.8-2] - Updated Kubernetes package release version to 1.21.6-2 [1.4.8-1] - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9]

Solution(s)

  • oracle-linux-upgrade-kubeadm
  • oracle-linux-upgrade-kubectl
  • oracle-linux-upgrade-kubelet
  • oracle-linux-upgrade-kubernetes
  • oracle-linux-upgrade-olcne
  • oracle-linux-upgrade-olcne-agent
  • oracle-linux-upgrade-olcne-api-server
  • oracle-linux-upgrade-olcne-gluster-chart
  • oracle-linux-upgrade-olcne-grafana-chart
  • oracle-linux-upgrade-olcne-istio-chart
  • oracle-linux-upgrade-olcne-metallb-chart
  • oracle-linux-upgrade-olcne-nginx
  • oracle-linux-upgrade-olcne-oci-ccm-chart
  • oracle-linux-upgrade-olcne-oci-csi-chart
  • oracle-linux-upgrade-olcne-olm-chart
  • oracle-linux-upgrade-olcne-prometheus-chart
  • oracle-linux-upgrade-olcne-utils
  • oracle-linux-upgrade-olcnectl

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;