3 matches found
olcne istio istio kubernetes security update
olcne 1.3.2-2 - Turn off default PodDisruptionBudget in istio template to unblock kubernetes module upgrade - Update Kubernetes version to 1.20.11 to address CVE-2021-25741 - Update Istio to 1.9.8, 1.10.4 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 -...
CVE-2021-32778
CVE-2021-32778 affects Envoy, where the HTTP/2 stream reset procedure has O(N^2) time complexity, causing high CPU and potential DoS when many streams are opened and closed. Connected advisories indicate fixes in Envoy versions 1.16.5, 1.17.4, 1.18.4, and 1.19.1, addressing the inefficiency. Othe...
CVE-2021-32778 Excessive CPU utilization when closing HTTP/2 streams
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...