Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

bump ingress-nginx controller to 4.7.1 to tackle CVE-2023-2650 #258

Merged
merged 1 commit into from
Jul 22, 2023
Merged

bump ingress-nginx controller to 4.7.1 to tackle CVE-2023-2650 #258

merged 1 commit into from
Jul 22, 2023

Conversation

andy108369
Copy link
Contributor

@andy108369 andy108369 commented Jul 22, 2023
edited
Loading

This is mainly to tackle CVE-2023-2650 (possible DoS translating ASN.1 object identifiers) - https://nvd.nist.gov/vuln/detail/CVE-2023-2650 which is currently UNDERGOING REANALYSIS

This upgrade delivers openssl-3.1.1-r1 package into the alpine-based image which is not vulnerable to CVE-2023-2650 - https://security.alpinelinux.org/vuln/CVE-2023-2650 / https://git.alpinelinux.org/aports/commit/main/openssl?h=3.18-stable&id=b9c389a20f56bab38f978d2cf60bb3ec93dcdccf / https://www.openssl.org/news/openssl-3.1-notes.html / kubernetes/ingress-nginx#10026

@andy108369
bump ingress-nginx controller to 4.7.1 to tackle CVE-2023-2650
a57e3b4 
This is mainly to tackle `CVE-2023-2650` (`possible DoS translating ASN.1 object identifiers`) - https://nvd.nist.gov/vuln/detail/CVE-2023-2650

This upgrade delivers openssl-3.1.1-r1 package into the alpine-based image which is not vulnerable to CVE-2023-2650 - https://security.alpinelinux.org/vuln/CVE-2023-2650
@andy108369 andy108369 merged commit 3531a00 into akash-network:master Jul 22, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@andy108369