Lucene search
OracleLinuxELSA-2024-12328HistoryApr 16, 2024 - 12:00 a.m.
cri-o security update
2024-04-1600:00:00
linux.oracle.com
11
cri-o
cri-tools
etcd
istio
kubernetes
olcne
security update
cve-2024-24786
cve-2023-39326
protobuf
golang
coredns
oracle
vulnerabilities
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
17.0%
cri-o
[1.25.5-2]
- Address CVE-2024-24786
cri-tools
[1.25.0-4] - Address CVE-2024-24786
etcd
[3.5.9-4] - Address protobuf [CVE-2024-24786]
[3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12
istio
[1.16.7-4] - Address protobuf [CVE-2024-24786]
- Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
kubernetes
[1.25.16-2] - Fixed CoreDNS version check
[1.25.16-1] - Added Oracle specific build files for Kubernetes
olcne
[1.6.7-3] - Fixed unable to deploy new module(s) using config file containing already existing modules
- Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | cri-o | < 1.25.5-2.el8 | cri-o-1.25.5-2.el8.src.rpm |
| oracle linux | 8 | src | cri-tools | < 1.25.0-4.el8 | cri-tools-1.25.0-4.el8.src.rpm |
| oracle linux | 8 | src | etcd | < 3.5.9-4.el8 | etcd-3.5.9-4.el8.src.rpm |
| oracle linux | 8 | src | istio | < 1.16.7-4.el8 | istio-1.16.7-4.el8.src.rpm |
| oracle linux | 8 | src | kubernetes | < 1.25.16-2.el8 | kubernetes-1.25.16-2.el8.src.rpm |
| oracle linux | 8 | src | olcne | < 1.6.7-3.el8 | olcne-1.6.7-3.el8.src.rpm |
| oracle linux | 8 | x86_64 | cri-o | < 1.25.5-2.el8 | cri-o-1.25.5-2.el8.x86_64.rpm |
| oracle linux | 8 | x86_64 | cri-tools | < 1.25.0-4.el8 | cri-tools-1.25.0-4.el8.x86_64.rpm |
| oracle linux | 8 | x86_64 | etcd | < 3.5.9-4.el8 | etcd-3.5.9-4.el8.x86_64.rpm |
| oracle linux | 8 | x86_64 | istio | < 1.16.7-4.el8 | istio-1.16.7-4.el8.x86_64.rpm |
Related
oraclelinux
oraclelinux
cri-o security update
2024-04-26 00:00:00
cri-o security update
2024-04-26 00:00:00
cri-o security update
2024-04-16 00:00:00
nvd
nvd
CVE-2024-23327
2024-02-09 23:15:09
osv
osv
BIT-envoy-2024-23327
2024-03-06 10:51:34
CVE-2024-23327
2024-02-09 23:15:09
CGA-f579-937j-c2rf
2024-06-06 12:25:52
cve
cve
CVE-2024-23327
2024-02-09 23:15:09
CVE-2024-24786
2024-03-05 23:15:07
redhatcve
redhatcve
CVE-2024-23327
2024-02-14 21:34:15
CVE-2024-24786
2024-03-06 07:12:54
veracode
veracode
Denial Of Service (DoS)
2024-02-13 15:57:59
cvelist
cvelist
CVE-2024-23327 Crash in proxy protocol when command type of LOCAL in Envoy
2024-02-09 22:41:54
prion
prion
Design/Logic Flaw
2024-02-09 23:15:00
nessus
nessus
Oracle Linux 8 : cri-o (ELSA-2024-12348)
2024-04-29 00:00:00
Oracle Linux 9 : cri-o (ELSA-2024-12347)
2024-04-29 00:00:00
RHEL 7 : rhc-worker-script (RHSA-2024:1874)
2024-04-18 00:00:00
cbl_mariner
cbl_mariner
almalinux
almalinux
Moderate: buildah bug fix update
2024-04-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6746-2)
2024-06-26 00:00:00
Ubuntu: Security Advisory (USN-6746-1)
2024-04-24 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: kubernetes-1.26.15-1.fc38
2024-03-24 01:36:01
redhat
redhat
ibm
ibm
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for ELSA-2024-12328