<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Jan Schaumann <jschauma () netmeister org>
Date: Fri, 5 Apr 2024 13:51:36 -0400
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
[ threading under VU#421644; I'm not affiliated with
Envoy, but happen to track this vulnerability ]
https://groups.google.com/g/envoy-security-announce/c/5XgxqT2lDg8
| We would like to announce the release of the following
| patch versions:
|
| - 1.29.3
| - 1.28.2
| - 1.27.4
| - 1.26.8
|
| These releases resolve
| [CVE-2024-30255](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm)
|
| We would also like to disclose that versions 1.29.0
| and 1.29.1 were also
| vulnerable to the more severe
| [CVE-2024-27919](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r)
|
| You are encouraged to update your versions of Envoy.
|
| Further information about the releases can be found on
| the Envoy releases page:
|
| https://github.com/envoyproxy/envoy/releases
-Jan
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
Current thread:
CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks Alan Coopersmith (Apr 03)
Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available Jan Schaumann (Apr 05)
Go 1.22.2 and 1.21.9 (CVE-2023-45288 HTTP/2 CONTINUATION issue) Jan Schaumann (Apr 05)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->