SUSE-SU-2024:3656-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3656-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:3656-1
- Upstream
- Related
- Published
- 2024-10-16T11:33:42Z
- Modified
- 2025-05-08T17:28:48.311835Z
- Summary
- Security update for etcd
- Details
-
This update for etcd fixes the following issues:
Update to version 3.5.12:
Security fixes:
- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)
Other changes:
- Added hardening to systemd service(s) (bsc#1181400)
- Fixed static /tmp file issue (bsc#1199031)
- Fixed systemd service not starting (bsc#1183703)
Full changelog:
https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/
- https://bugzilla.suse.com/1095184
- https://bugzilla.suse.com/1118897
- https://bugzilla.suse.com/1118898
- https://bugzilla.suse.com/1118899
- https://bugzilla.suse.com/1121850
- https://bugzilla.suse.com/1174951
- https://bugzilla.suse.com/1181400
- https://bugzilla.suse.com/1183703
- https://bugzilla.suse.com/1199031
- https://bugzilla.suse.com/1208270
- https://bugzilla.suse.com/1208297
- https://bugzilla.suse.com/1210138
- https://bugzilla.suse.com/1213229
- https://bugzilla.suse.com/1217070
- https://bugzilla.suse.com/1217950
- https://bugzilla.suse.com/1218150
- https://www.suse.com/security/cve/CVE-2018-16873
- https://www.suse.com/security/cve/CVE-2018-16874
- https://www.suse.com/security/cve/CVE-2018-16875
- https://www.suse.com/security/cve/CVE-2018-16886
- https://www.suse.com/security/cve/CVE-2020-15106
- https://www.suse.com/security/cve/CVE-2020-15112
- https://www.suse.com/security/cve/CVE-2021-28235
- https://www.suse.com/security/cve/CVE-2022-41723
- https://www.suse.com/security/cve/CVE-2023-29406
- https://www.suse.com/security/cve/CVE-2023-47108
- https://www.suse.com/security/cve/CVE-2023-48795
Affected packages
openSUSE:Leap 15.5 / etcd
Package
- Name
- etcd
- Purl
- pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.12-150000.7.6.1
openSUSE:Leap 15.6 / etcd
Package
- Name
- etcd
- Purl
- pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.12-150000.7.6.1