First published: Thu Aug 25 2022(Updated: )
This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.<br>Security Fix(es):<br><li> golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)</li> <li> golang: net/<a href="http:" target="_blank">http:</a> improper sanitization of Transfer-Encoding header (CVE-2022-1705)</li> <li> golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)</li> <li> golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)</li> <li> golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)</li> <li> golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)</li> <li> golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)</li> <li> golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.