days to Istio 1.5

Security Bulletins

Disclosed security vulnerabilities and their mitigation.

DivulgaçãoDataLançamentos afetadosPontuação de impactoRelacionado
ISTIO-SECURITY-2019-00710 de janeiro de 20191.2 to 1.2.9
1.3 to 1.3.5
1.4 to 1.4.1
9.0Heap overflow and improper input validation in Envoy
ISTIO-SECURITY-2019-0067 de janeiro de 20191.3 to 1.3.4
7.5Denial of service
ISTIO-SECURITY-2019-0058 de janeiro de 20191.1 to 1.1.15
1.2 to 1.2.6
1.3 to 1.3.1
7.5Denial of service caused by the presence of numerous HTTP headers in client requests
Istio 1.2.4 sidecar image vulnerability10 de janeiro de 20191.2 to 1.2.4
An erroneous 1.2.4 sidecar image was available due to a faulty release operation
ISTIO-SECURITY-2019-00313 de janeiro de 20191.1 to 1.1.12
1.2 to 1.2.3
7.5Denial of service in regular expression parsing
ISTIO-SECURITY-2019-00413 de janeiro de 20191.1 to 1.1.12
1.2 to 1.2.3
7.5Multiple denial of service vulnerabilities related to HTTP2 support in Envoy
ISTIO-SECURITY-2019-00228 de janeiro de 20191.0 to 1.0.8
1.1 to 1.1.9
1.2 to 1.2.1
7.5Denial of service affecting JWT access token parsing
ISTIO-SECURITY-2019-00128 de janeiro de 20191.1 to 1.1.6
8.9Incorrect access control