Lucene search
OracleLinuxELSA-2024-12329HistoryApr 16, 2024 - 12:00 a.m.
cri-o security update
2024-04-1600:00:00
linux.oracle.com
12
security updates
cve-2024-24786
cve-2024-23322
cri-o
cri-tools
etcd
istio
kubernetes
olcne
coredns
protobuf
golang
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
17.0%
cri-o
[1.25.5-2]
- Address CVE-2024-24786
cri-tools
[1.25.0-4] - Address CVE-2024-24786
etcd
[3.5.9-4] - Address protobuf [CVE-2024-24786]
[3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12
istio
[1.16.7-4] - Address protobuf [CVE-2024-24786]
- Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
kubernetes
[1.25.16-2] - Fixed CoreDNS version check
olcne
[1.6.7-3] - Fixed unable to deploy new module(s) using config file containing already existing modules
- Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
- Update Kubernetes-1.25.16 and components to address CVE-2024-24786
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | cri-o | < 1.25.5-2.el7 | cri-o-1.25.5-2.el7.src.rpm |
| oracle linux | 7 | src | cri-tools | < 1.25.0-4.el7 | cri-tools-1.25.0-4.el7.src.rpm |
| oracle linux | 7 | src | etcd | < 3.5.9-4.el7 | etcd-3.5.9-4.el7.src.rpm |
| oracle linux | 7 | src | istio | < 1.16.7-4.el7 | istio-1.16.7-4.el7.src.rpm |
| oracle linux | 7 | src | kubernetes | < 1.25.16-2.el7 | kubernetes-1.25.16-2.el7.src.rpm |
| oracle linux | 7 | src | olcne | < 1.6.7-3.el7 | olcne-1.6.7-3.el7.src.rpm |
| oracle linux | 7 | x86_64 | cri-o | < 1.25.5-2.el7 | cri-o-1.25.5-2.el7.x86_64.rpm |
| oracle linux | 7 | x86_64 | cri-tools | < 1.25.0-4.el7 | cri-tools-1.25.0-4.el7.x86_64.rpm |
| oracle linux | 7 | x86_64 | etcd | < 3.5.9-4.el7 | etcd-3.5.9-4.el7.x86_64.rpm |
| oracle linux | 7 | x86_64 | istio | < 1.16.7-4.el7 | istio-1.16.7-4.el7.x86_64.rpm |
Related
oraclelinux
oraclelinux
cri-o security update
2024-04-26 00:00:00
cri-o security update
2024-04-16 00:00:00
cri-o security update
2024-04-26 00:00:00
osv
osv
BIT-envoy-2024-23327
2024-03-06 10:51:34
CVE-2024-23327
2024-02-09 23:15:09
CGA-64v8-p8cw-m5w7
2024-06-06 12:24:25
cve
cve
CVE-2024-23327
2024-02-09 23:15:09
nvd
nvd
CVE-2024-23327
2024-02-09 23:15:09
redhatcve
redhatcve
CVE-2024-23327
2024-02-14 21:34:15
CVE-2024-24786
2024-03-06 07:12:54
veracode
veracode
Denial Of Service (DoS)
2024-02-13 15:57:59
cvelist
cvelist
prion
prion
Design/Logic Flaw
2024-02-09 23:15:00
nessus
nessus
Oracle Linux 9 : cri-o (ELSA-2024-12347)
2024-04-29 00:00:00
RHEL 7 : rhc-worker-script (RHSA-2024:1874)
2024-04-18 00:00:00
RHEL 9 : buildah update (Moderate) (RHSA-2024:2550)
2024-04-30 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 38 Update: kubernetes-1.26.15-1.fc38
2024-03-24 01:36:01
cbl_mariner
cbl_mariner
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1
2024-06-21 09:32:44
CVE-2024-24786 affecting package telegraf for versions less than 1.29.4-8
2024-09-13 18:09:05
openvas
openvas
Ubuntu: Security Advisory (USN-6746-1)
2024-04-24 00:00:00
ibm
ibm
ubuntu
ubuntu
Google Guest Agent and Google OS Config Agent vulnerability
2024-06-25 00:00:00
github
github
f5
f5
K000141024: GO vulnerability CVE-2024-24786
2024-09-20 00:00:00
almalinux
almalinux
Moderate: buildah bug fix update
2024-04-30 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for ELSA-2024-12329