4 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1.13 security update
An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1.13 (RHSA-2021:1322)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1322 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic resulting in a denial of service to the istio-pilot...
CVE-2019-25014
CVE-2019-25014 involves a NULL pointer dereference in Istio’s Istio-pilot component (pkg/proxy/envoy/v2/debug.go getResourceVersion) prior to 1.5.0-alpha.0. A specific HTTP GET to the pilot debug API endpoint can cause the Go runtime to panic, yielding a denial-of-service against istio-pilot. The...