9 matches found
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.3 security update
Red Hat OpenShift Service Mesh Containers for 2.4.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
istio security update
istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-2 - Update kubevirt image versions fixing selinux=enforce not being supported 1.7.2-1 - Add Istio-1.17.5 and...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-300)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-300 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update
Red Hat OpenShift Service Mesh 2.3.6 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2023-35942
A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service LDS update with the same gRPC access log configuration...
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
CVE-2023-35942
CVE-2023-35942 affects Envoy. Prior to fixes, gRPC access loggers using a listener’s global scope can cause a use-after-free crash when the listener is drained. Affected versions: < 1.23.12, < 1.24.10, < 1.25.9, < 1.26.4,