Detections
Analytics
Oracle Linux 7 : kubernetes (ELSA-2018-4061)
critical Nessus Plugin ID 108939
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
Description of changes:[1.9.1-2.1.5]
- Production built 1.9.1-2.1.5
- Fix the upgrade version check
- Remove w/a from [Orabug 27125915]
[1.9.1-2.1.4.dev]
- Make sure worker node upgrade properly
- [Orabug 27649898]
[1.9.1-2.1.3.dev]
- Ensure that the runtime mounts RO volumes read-only [CVE-2017-1002102]
- Update Dashboard version to v1.8.3 [CVE-2017-1002102]
- Fix nested volume mounts for read-only API data volumes [CVE-2017-1002102]
- Fixed kubeadm-setup.sh and kubeadm-registry.sh
- Add feature gate for subpath [CVE-2017-1002101]
- Add subpath e2e tests [CVE-2017-1002101]
- Lock subPath volumes [CVE-2017-1002101]
Solution
Update the affected kubernetes packages.See Also
https://oss.oracle.com/pipermail/el-errata/2018-April/007602.html
Plugin Details
Severity: Critical
ID: 108939
File Name: oraclelinux_ELSA-2018-4061.nasl
Version: 1.4
Type: local
Agent: unix
Published: 4/10/2018
Updated: 9/27/2019
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.1
CVSS v2
Risk Factor: Medium
Base Score: 6.3
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kubeadm, p-cpe:/a:oracle:linux:kubectl, p-cpe:/a:oracle:linux:kubelet, p-cpe:/a:oracle:linux:kubernetes, cpe:/o:oracle:linux:7
Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 4/6/2018
Vulnerability Publication Date: 3/13/2018