oss-security - Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <ZhA6KNc0yadT0fWL@netmeister.org>
Date: Fri, 5 Apr 2024 13:51:36 -0400
From: Jan Schaumann <jschauma@...meister.org>
To: oss-security@...ts.openwall.com
Subject: Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now
 available

[ threading under VU#421644; I'm not affiliated with
  Envoy, but happen to track this vulnerability ]

https://groups.google.com/g/envoy-security-announce/c/5XgxqT2lDg8

| We would like to announce the release of the following
| patch versions:
| 
| - 1.29.3
| - 1.28.2
| - 1.27.4
| - 1.26.8
| 
| These releases resolve
| [CVE-2024-30255](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm)
| 
| We would also like to disclose that versions 1.29.0
| and 1.29.1 were also
| vulnerable to the more severe
| [CVE-2024-27919](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r)
| 
| You are encouraged to update your versions of Envoy.
| 
| Further information about the releases can be found on
| the Envoy releases page:
| 
| https://github.com/envoyproxy/envoy/releases

-Jan

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.