The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
This section lists the notable changes in Release 1.0.5 of Oracle Linux Cloud Native Environment.
Kubernetes Updated: Kubernetes security fixes have been pack ported to Release 1.14.9 to resolve the following CVEs.
CVE-2020-8559. This CVE relates to an issue where if an attacker is able to intercept certain requests to the kubelet, they can send a redirect response that may be followed by a client using the credentials from the original request. This can lead to compromise of other nodes.
CVE-2020-8557. This CVE relates to an issue where the
/etc/hostsfile mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the/etc/hostsfile, it could fill the storage space of the node and cause the node to fail.
Kata Updated: Kata security fixes have been back ported to Release 1.7.3 to resolve the following CVEs.
CVE-2020-2024. This CVE relates to an improper link resolution vulnerability when tearing down a container. A malicious guest could trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host Denial of Service.
CVE-2020-2025. This CVE relates to persistent guest file system changes to the underlying image file on the host. A malicious guest could overwrite the image file to gain control of all subsequent guest virtual machines.
CVE-2020-2026. This CVE relates to mounting the untrusted container file system on any host path. A malicious guest that is compromised before a container creation can trick the kata-runtime into mounting the untrusted container file system on any host path, potentially allowing for code execution on the host.
For information about updating to this errata release, see Updates and Upgrades.