Stay Informed
This week, read about:
- Linus Torvalds Couldn't Find An Excuse To Hold Back Linux 6.5, So Here It Is.
- Welcome New Repositories for AlmaLinux OS: Testing and Synergy.
- SUSE To Flip Back Into Private Ownership After Just Two-and-a-Bit Years.
- CVE-2023-40217.
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
- CVE-2022-38177 and CVE-2022-38178
  - CentOS 8
    - bind-9.11.26-6_ol001.el8
We recommend that you update your CentOS 8 systems to protect against these vulnerabilities.
As usual, please ensure that you test these updates before deploying to production.
If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Kubernetes 1.28.1
This release contains changes that address the following vulnerabilities:
CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Non-Security Updates
Angular 16.2.2
- Allow safeUrl for ngSrc in NgOptimizedImage
- Enforce a minimum version to be used when a library uses input transform
- Guard the jasmine hooks
- Ensure canceledNavigationResolution: 'computed' works on first page
Apache Tomcat 10.1.13
Catalina:
Fix: If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500.
Fix: Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB.
Fix: Avoid protocol relative redirects in FORM authentication.
Web applications:
Fix: Documentation. Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB.
Other:
Add: Improvements to Chinese translations.
Add: Improvements to French translations.
Add: Improvements to Japanese translations by tak7iji.
- Sandwich view: You can now show a sandwich view of any symbol in the flame graph. Sandwich view shows all the callers on the top and all the callees of the symbol on the bottom. This is useful when you want to see the context of a symbol.
- Switching color scheme: You can now switch color scheme between a color gradient based on the relative value of a symbol or by the package name of a symbol.
- Switching symbol name alignment: Symbols with long names may be hard to differentiate if they have the same prefix. This new option allows you to align the text to the left or right so you can see the part of the symbol name that’s important.
- Improved navigation: You can highlight a symbol or enable sandwich view for a symbol from the table. Also, a new status bar on top of the flame graph displays which views are enabled.
- Many more improvements
- Move plugins page title into sidebar so that plugins app bar is at the top of the page.
- Remove eval call in hudsonbehavior.js.
- Update Turkish localizations for the job configuration page.
- Refresh link design.
- Display a notice when plugin updates are available or when there are no plugins installed.
- Update the design of the content blocks.
- Remove the unnecessary hashelp class additions from hudsonbehaviour.js.
- Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page.
- The plain text console log will still be printed even if some console annotations are corrupt.
- Fix link to job in the message informing administrators of trigger computations that run for an unusually long time.
- Deprecate findAncestor and findAncestorClass in hudsonbehaviour.js.
RabbitMQ 3.12.4
Core Server
Bug Fixes:
- Consumer churn on quorum queues could result in some messages not being delivered
Management Plugin
Bug Fixes:
- Quorum queue replica management operations over the HTTP API can now be disabled. This can be useful in environments where replica management is done by the platform team and tooling, and should not be exposed to cluster users.
Federation Plugin
Bug Fixes:
- Queue federation links that connected quorum queues could get stuck (stop transferring messages even when there were no other consumers on the upstream).
LDAP AuthN/AuthZ Backend Plugin
Bug Fixes:
- LDAP plugin did not interpolate values with non-ASCII characters correctly.