Description of problem: There are three CVEs in grpc-go: CVE-2019-9512 (Ping Flood) CVE-2019-9514 (Reset Flood) CVE-2019-9515 (Settings Flood) These are fixed in https://github.com/grpc/grpc-go/pull/2970 Version-Release number of selected component (if applicable): olm 0.11.0
Hi Jian, We just bumped the dependencies to address this. I don't have a way to reproduce the bug, it's a preventative measure.
Hi, Evan Thanks! Doesn't matter. I cannot get any poc("CVE-2019-9512 poc site:github.com"), so run a regression test round. No more bugs found, LGTM, verify it, thanks!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922