Security information¶
The MKE 3.6.18 patch release focuses exclusively on CVE mitigation. To this end, the following middleware component versions have been upgraded to resolve vulnerabilities in MKE:
Golang 1.22.5
Alpine Linux 3.19
Calico 3.27.4
The following table details the specific CVEs addressed, including which images are affected per CVE.
CVE |
Status |
Image mitigated |
Problem details from upstream |
---|---|---|---|
Resolved |
|
.NET and Visual Studio Denial of Service Vulnerability. |
|
Resolved |
|
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. |
|
Resolved |
|
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. |
|
Resolved |
|
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon’s (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |