8 matches found
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...
CVE-2024-23323
creationtimestamp| type| source ---|---|--- 2024-02-10 00:21:26+00:00| seen| https://t.me/ctinow/182356 2024-03-03 10:46:24+00:00| seen| https://t.me/ctinow/198667 2024-04-26 06:13:39+00:00| seen| https://t.me/arpsyndicate/4895...
CVE-2024-23323 Excessive CPU usage when URI template matcher is configured using regex in Envoy
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and...
CVE-2024-23323 Excessive CPU usage when URI template matcher is configured using regex in Envoy
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and...
CVE-2024-23323
Envoy CVE-2024-23323 affects the Envoy proxy where the regex matcher is compiled per request, causing high CPU and increased latency when multiple routes use such matchers. The issue has specific fixes in released versions 1.29.1, 1.28.1, 1.27.3, and 1.26.7; upgrading is advised. The provided doc...