SUSE-SU-2024:3656-1

See a problem?
Please try reporting it to the source first.

Source

Import Source

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2024:3656-1

Related

Published

2024-10-16T11:33:42Z

Modified

2024-10-16T11:33:42Z

Summary

Security update for etcd

Details

This update for etcd fixes the following issues:

Update to version 3.5.12:

Security fixes:

CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)
CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)

Other changes:

Full changelog:

https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.12-150000.7.6.1

{
    "binaries": [
        {
            "etcdctl": "3.5.12-150000.7.6.1",
            "etcd": "3.5.12-150000.7.6.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.12-150000.7.6.1

{
    "binaries": [
        {
            "etcdctl": "3.5.12-150000.7.6.1",
            "etcd": "3.5.12-150000.7.6.1"
        }
    ]
}