zh-translation:/news/releases/1.2.x/announcing-1.2.4/index.md (#6261)

* translate the title and description * change the title and description * zh-translation:/news/releases/1.2.x/announcing-1.2.4/index.md * zh-translation:/news/releases/1.2.x/announcing-1.2.4/index.md
2019-12-31 17:31:22 +08:00 · 2019-12-31 17:31:22 +08:00 · ef363509e1
parent 8b86db702a
commit ef363509e1
1 changed files with 15 additions and 16 deletions
--- a/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md
+++ b/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md
@ -1,8 +1,8 @@
 ---
-title: Announcing Istio 1.2.4
+title: Istio 1.2.4 发布公告
 linktitle: 1.2.4
-subtitle: Patch Release
-description: Istio 1.2.4 patch release.
+subtitle: 发布补丁
+description: Istio 1.2.4 版本发布公告。
 publishdate: 2019-08-13
 release: 1.2.4
 aliases:
@ -12,23 +12,22 @@ aliases:
    - /zh/news/announcing-1.2.4
 ---

-We're pleased to announce the availability of Istio 1.2.4. Please see below for what's changed.
+我们很高兴地宣布 Istio 1.2.4 现在是可用的，详情请查看如下更改。

 {{< relnote >}}

-## Security update
+## 安全更新{#security-update}

-This release contains fixes for the security vulnerabilities described in [ISTIO-SECURITY-2019-003](/zh/news/security/istio-security-2019-003/)]
-[ISTIO-SECURITY-2019-004](/zh/news/security/istio-security-2019-004/).  Specifically:
+此版本包含了在 [ISTIO-SECURITY-2019-003](/zh/news/security/istio-security-2019-003/)] 和 [ISTIO-SECURITY-2019-004](/zh/news/security/istio-security-2019-004/) 中所阐述的安全漏洞程序的修复。特别是：

-__ISTIO-SECURITY-2019-003__: An Envoy user reported publicly an issue (c.f. [Envoy Issue 7728](https://github.com/envoyproxy/envoy/issues/7728)) about regular expressions matching that crashes Envoy with very large URIs.
-  * __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio, if users are employing regular expressions in some of the Istio APIs: `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding`.
+__ISTIO-SECURITY-2019-003__: 一位 Envoy 用户公开报告了一个正则表达式的匹配问题 (c.f. [Envoy Issue 7728](https://github.com/envoyproxy/envoy/issues/7728))，该问题可使 Envoy 出现非常严重的 URI 崩溃。
+  * __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: 经调查，Istio 小组发现，当用户正在使用 `Istio Api` 中一些像 `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding` 的正则表达式时，会被利用而发起 `Istio DoS` 攻击。

-__ISTIO-SECURITY-2019-004__: Envoy, and subsequently Istio are vulnerable to a series of trivial HTTP/2-based DoS attacks:
-  * __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: HTTP/2 flood using `PING` frames and queuing of response `PING` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: HTTP/2 flood using PRIORITY frames that results in excessive CPU usage and starvation of other clients.
-  * __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: HTTP/2 flood using `HEADERS` frames with invalid HTTP headers and queuing of response `RST_STREAM` frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: HTTP/2 flood using `SETTINGS` frames and queuing of `SETTINGS` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: HTTP/2 flood using frames with an empty payload that results in excessive CPU usage and starvation of other clients.
+__ISTIO-SECURITY-2019-004__: Envoy 和之后的 Istio 更容易受到一系列基于 HTTP/2 的 DoS 攻击：
+  * __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: 使用 `PING` 帧和响应 `PING` ACK 帧的 HTTP/2 流，会导致无限的内存增长（这可能导致内存不足的原因）。
+  * __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: 使用 PRIORITY 帧的 HTTP/2 流会导致其他客户端的 CPU 使用率过低。
+  * __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: 使用具有无效的 HTTP header 的 `HEADERS` 帧和 `RST_STREAM` 帧的 HTTP/2 流，会导致无限的内存增长（这可能导致内存不足的原因）。
+  * __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: 使用 `SETTINGS` 帧和 `SETTINGS`  ACK 帧的 HTTP/2 流，会导致无限的内存增长（这可能导致内存不足的原因）。
+  * __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: 使用具有空负载帧的 HTTP/2 流会导致其他客户端的 CPU 使用率过低。

-Nothing else is included in this release except for the above security fixes.
+除上述修复的程序之外，此版本中不包含其他任何内容。