Will these bird vulnerabilities affect Calico security?

WangXL · July 27, 2022, 8:39am

Two vulnerabilities are found when we scan bird binary files. Will these vulnerabilities affect Calico security?
The calico version is v3.21.3 and the bird version is v0.3.3.
https://nvd.nist.gov/vuln/detail/CVE-2021-26928
https://nvd.nist.gov/vuln/detail/CVE-2018-12066

WangXL · August 11, 2022, 7:52am

Have the above problems been solved by this merger?

github.com/projectcalico/calico

Cherry-pick BGP password support from master

projectcalico:release-v3.16 ← neiljerram:bgp-password-316

opened 12:57PM - 06 Oct 20 UTC

neiljerram

+202 -4

Cherry-picking #4033 and #4043 from master. ## Release Note  ```release-note It's now possible to specify a password on a BGPPeer resource, and the password will be used to authenticate the peer on BGP sessions generated by that resource. ```

Topic		Replies	Views
Why has no new version of calico bird been released in recent years? Open Source Calico Help aks	6	453	March 1, 2022
Calico v3.11 released Announcements	0	811	December 23, 2019
Join the Calico Community Meeting, Wednesday April 8 Announcements	0	695	April 7, 2020
Next Calico Community Meeting is Wednesday, May 13! Announcements community	2	771	May 29, 2020
Where is vpp code? Open Source Calico Help	3	1228	May 14, 2022

Will these bird vulnerabilities affect Calico security?

Related Topics