4 matches found
Oracle Linux 7 : olcne (ELSA-2021-9526)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9526 advisory. - Update Kubernetes version to 1.20.11 to address CVE-2021-25741 - Update Istio to 1.9.8, 1.10.4 to address CVE-2021-32777, CVE-2021-32778,...
olcne istio istio kubernetes security update
olcne 1.3.2-2 - Turn off default PodDisruptionBudget in istio template to unblock kubernetes module upgrade - Update Kubernetes version to 1.20.11 to address CVE-2021-25741 - Update Istio to 1.9.8, 1.10.4 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 -...
CVE-2021-32780 Incorrect handling of H/2 GOAWAY followed by SETTINGS frames
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...
CVE-2021-32780
CVE-2021-32780 affects Envoy. A sequence of HTTP/2 GOAWAY followed by SETTINGS (SETTINGS_MAX_CONCURRENT_STREAMS=0) frames can trigger an invalid state transition from CLOSED to DRAINING, causing abnormal termination and DoS in the presence of untrusted upstream servers. Affected Envoy versions in...