6 matches found
Oracle Linux 8 : cri-o (ELSA-2024-12348)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12348 advisory. - Address CVE-2024-24786 cri-tools - Address CVE-2024-24786 etcd - Address protobuf CVE-2024-24786 - Address protobuf CVE-2024-24786 - Backport from...
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
CVE-2024-23327
A flaw was found in the Envoy proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block...
CVE-2024-23327 Crash in proxy protocol when command type of LOCAL in Envoy
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the...
CVE-2024-23327
CVE-2024-23327 affects Envoy: when PPv2 is enabled on a listener and a downstream cluster, the Envoy process can segfault while crafting the upstream PPv2 header if the downstream request uses a LOCAL command type and lacks a protocol block. This vulnerability is fixed in Envoy releases 1.29.1, 1...