Stay Informed
This week, read about:
- Rancher Government Solutions and The Linux Foundation Partner to Accelerate Digital Transformation with World Class Cloud Native Training and Certification Programs.
- The Pros and Cons of Using Open-Source Kubernetes Security Software.
- Hive Ransomware Attackers Extorted $100 Million From Over 1,300 Companies Worldwide.
Key Security, Maintenance, and Features Releases
Security Based Updates
OpenLogic is proud to announce updates to packages that are part of our CentOS Linux 6 and 8 support offerings. You can find updates to the following packages:
dhcp-4.1.1-63.P1_ol001.el6
- Backport upstream patch from rhbz#1963258 to address CVE-2021-25217 (Upstream patch for 4.1-ESV-R16)
dhclient-4.1.1-63.P1_ol001.el6.x86_64.rpm
dhcp-4.1.1-63.P1_ol001.el6.src.rpm
dhcp-4.1.1-63.P1_ol001.el6.x86_64.rpm
dhcp-common-4.1.1-63.P1_ol001.el6.x86_64.rpm
dhcp-debuginfo-4.1.1-63.P1_ol001.el6.x86_64.rpm
dhcp-devel-4.1.1-63.P1_ol001.el6.x86_64.rpm
rsyslog-8.2102.0-5_ol001.el8
- Backport patch for CVE-2022-24903
rsyslog-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-crypto-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-doc-8.2102.0-5_ol001.el8.noarch.rpm
rsyslog-elasticsearch-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-gnutls-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-openssl-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-gssapi-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-kafka-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmaudit-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmjsonparse-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmkubernetes-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmnormalize-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmsnmptrapd-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mysql-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-omamqp1-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-pgsql-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-relp-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-snmp-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-udpspoof-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-debugsource-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-crypto-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-elasticsearch-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-gnutls-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-openssl-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-gssapi-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-kafka-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmaudit-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmjsonparse-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmkubernetes-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmnormalize-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mmsnmptrapd-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-mysql-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-omamqp1-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-pgsql-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-relp-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-snmp-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-udpspoof-debuginfo-8.2102.0-5_ol001.el8.x86_64.rpm
rsyslog-8.2102.0-5_ol001.el8.src.rpm
Other Security Based Updates
Kubernetes 1.25.4
CVE-2022-3162: Unauthorized read of Custom Resources
A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.
CVE-2022-3294: Node address isn't always verified when proxying
A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send requests proxying through them.
Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API Server through its private network.
The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the nodes/proxy subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability.
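An added pre-upgrade check for the situation described above (example code, not Kubernetes' own): it reads the JSON shape of `kubectl get nodes -o json` and lists every advertised node IP that an address validation of this kind would reject, so an operator can see before rolling out 1.25.4 whether any nodes/proxy client will break. The sample node list is constructed, and the exact rejection rule (loopback, link-local, anything that is not global unicast) is an assumption drawn from the description above rather than the merged patch.

```go
package main

import (
	"encoding/json"
	"net"
)

// Minimal slice of the `kubectl get nodes -o json` shape the audit needs.
type nodeList struct {
	Items []struct {
		Metadata struct{ Name string }
		Status   struct{ Addresses []struct{ Type, Address string } }
	}
}
// rejectReason is "" for a routable IP, else why a node-proxy address check of the kind the fix enforces would refuse it.
func rejectReason(addr string) string {
	ip := net.ParseIP(addr)
	switch {
	case ip == nil:
		return "not an IP literal"
	case ip.IsLoopback():
		return "loopback"
	case ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast():
		return "link-local"
	case !ip.IsGlobalUnicast():
		return "not global unicast" // unspecified, multicast, broadcast
	}
	return ""
}
// auditNodes returns "node/type address: reason" for each advertised InternalIP/ExternalIP the check would reject.
func auditNodes(nodesJSON []byte) ([]string, error) {
	var nl nodeList
	if err := json.Unmarshal(nodesJSON, &nl); err != nil {
		return nil, err
	}
	var out []string
	for _, n := range nl.Items {
		for _, a := range n.Status.Addresses {
			if a.Type != "InternalIP" && a.Type != "ExternalIP" {
				continue // Hostname/DNS entries are only checkable after resolution
			}
			if r := rejectReason(a.Address); r != "" {
				out = append(out, n.Metadata.Name+"/"+a.Type+" "+a.Address+": "+r)
			}
		}
	}
	return out, nil
}
// Constructed sample: one healthy node, one advertising a loopback InternalIP and a link-local ExternalIP.
const sampleNodes = `{"items":[{"metadata":{"name":"worker-1"},"status":{"addresses":[{"type":"InternalIP","address":"10.0.0.11"},{"type":"Hostname","address":"worker-1"}]}},{"metadata":{"name":"worker-2"},"status":{"addresses":[{"type":"InternalIP","address":"127.0.0.1"},{"type":"ExternalIP","address":"fe80::1"}]}}]}`
```

An empty result from auditNodes on real cluster output means no node advertises an address the stricter validation would refuse; any finding points at a kubelet whose advertised address should be corrected before the upgrade.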
Non-security Based Updates
Apache Artemis 2.27.0
[ARTEMIS-3264] - Core to AMQP conversion error causes client disconnect
[ARTEMIS-4002] - Support env $JAVA_ARGS_APPEND to override by appending to the java command used by the scripts
[ARTEMIS-4010] - LegacyLDAPSecuritySettingPlugin missing data
[ARTEMIS-4013] - PostgresLargeObjectManager does incorrectly unwrap the jdbc connection
Firefox 107
Improved the performance of the instance when Microsoft's IME and Defender retrieve the URL of a focused document in Windows 11 version 22H2.
Power profiling — visualizing performance data recorded from web browsers — is now also supported on Linux and Mac with Intel CPUs, in addition to Windows 11 and Apple Silicon.
Various security fixes.
Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 107 Release Notes.
Jenkins 2.378
Label 'Dismiss' buttons red. (pull 7364)
Replace 'Changes' view icon with a symbol. (pull 7229)
Update 'Manage Nodes' page to use app bar and remove sidebar from 'New Node' page. (pull 7352)
Add telemetry for activation of permissions that are not enabled by default. (issue 70044)
WildFly 27
[WFLY-8770] - Integrate aws.S3_PING discovery protocol
[WFLY-14693] - Support ActiveMQ Artemis' "auto-delete-created-queue" property
[WFLY-14947] - Implement the Observability policy - Metrics
[WFLY-15679] - Support for Jakarta EE 10