Security Bulletins
Disclosed security vulnerabilities and their mitigation.
Disclosure | Date | Affected Releases | Impact Score | Related |
---|---|---|---|---|
ISTIO-SECURITY-2019-007 | January 10, 2019 | 1.2 to 1.2.9, 1.3 to 1.3.5, 1.4 to 1.4.1 | 9.0 | Heap overflow and improper input validation in Envoy |
ISTIO-SECURITY-2019-006 | January 7, 2019 | 1.3 to 1.3.4 | 7.5 | Denial of service |
ISTIO-SECURITY-2019-005 | January 8, 2019 | 1.1 to 1.1.15, 1.2 to 1.2.6, 1.3 to 1.3.1 | 7.5 | Denial of service caused by the presence of numerous HTTP headers in client requests |
Istio 1.2.4 sidecar image vulnerability | January 10, 2019 | 1.2 to 1.2.4 | | An erroneous 1.2.4 sidecar image was available due to a faulty release operation |
ISTIO-SECURITY-2019-003 | January 13, 2019 | 1.1 to 1.1.12, 1.2 to 1.2.3 | 7.5 | Denial of service in regular expression parsing |
ISTIO-SECURITY-2019-004 | January 13, 2019 | 1.1 to 1.1.12, 1.2 to 1.2.3 | 7.5 | Multiple denial of service vulnerabilities related to HTTP2 support in Envoy |
ISTIO-SECURITY-2019-002 | January 28, 2019 | 1.0 to 1.0.8, 1.1 to 1.1.9, 1.2 to 1.2.1 | 7.5 | Denial of service affecting JWT access token parsing |
ISTIO-SECURITY-2019-001 | January 28, 2019 | 1.1 to 1.1.6 | 8.9 | Incorrect access control |