oss-sec mailing list archives
Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available
From: Jan Schaumann <jschauma () netmeister org>
Date: Fri, 5 Apr 2024 13:51:36 -0400
[ threading under VU#421644; I'm not affiliated with Envoy, but happen to track this vulnerability ]

https://groups.google.com/g/envoy-security-announce/c/5XgxqT2lDg8

| We would like to announce the release of the following
| patch versions:
|
| - 1.29.3
| - 1.28.2
| - 1.27.4
| - 1.26.8
|
| These releases resolve
| [CVE-2024-30255](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm)
|
| We would also like to disclose that versions 1.29.0
| and 1.29.1 were also
| vulnerable to the more severe
| [CVE-2024-27919](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r)
|
| You are encouraged to update your versions of Envoy.
|
| Further information about the releases can be found on
| the Envoy releases page:
|
| https://github.com/envoyproxy/envoy/releases

-Jan
Current thread:
- CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks Alan Coopersmith (Apr 03)
- Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available Jan Schaumann (Apr 05)
- Go 1.22.2 and 1.21.9 (CVE-2023-45288 HTTP/2 CONTINUATION issue) Jan Schaumann (Apr 05)