API Security Blog

(RHSA-2023:4624) Important: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)

* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)

* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)

* envoy: gRPC access log crash caused by the listener draining (CVE-2023-35942)

* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
