With the upcoming end-of-life (EOL) of MSR 3.1.x, Mirantis encourages you to upgrade to the latest supported version to ensure continued support and security updates.
Security information
Updated the following middleware component versions to resolve vulnerabilities in MSR:
[ENGDTR-4405] Golang 1.23.8
Resolved CVEs, as detailed:
| CVE | Status | Problem details from upstream |
|---|---|---|
| | Resolved | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. |
| | Resolved | Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. |
| | Resolved | Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. |