SUSE-SU-2024:3656-1
Vulnerability Summary
Description
Security update for etcd

This update for etcd fixes the following issues:

Update to version 3.5.12:

Security fixes:
- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth are enabled (bsc#1121850)
- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
- CVE-2021-28235: Fixed information disclosure via debug function (bsc#1210138)
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)

Other changes:
- Added hardening to systemd service(s) (bsc#1181400)
- Fixed static /tmp file issue (bsc#1199031)
- Fixed systemd service not starting (bsc#1183703)

Full changelog: https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12
Affected Systems
- opensuse etcd on openSUSE Leap 15.5: versions < 3.5.12-150000.7.6.1
- opensuse etcd on openSUSE Leap 15.6: versions < 3.5.12-150000.7.6.1
References (28)
- https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/
- https://bugzilla.suse.com/1095184
- https://bugzilla.suse.com/1118897
- https://bugzilla.suse.com/1118898
- https://bugzilla.suse.com/1118899
- https://bugzilla.suse.com/1121850
- https://bugzilla.suse.com/1174951
- https://bugzilla.suse.com/1181400
- https://bugzilla.suse.com/1183703
- https://bugzilla.suse.com/1199031
- https://bugzilla.suse.com/1208270
- https://bugzilla.suse.com/1208297
- https://bugzilla.suse.com/1210138
- https://bugzilla.suse.com/1213229
- https://bugzilla.suse.com/1217070
- https://bugzilla.suse.com/1217950
- https://bugzilla.suse.com/1218150
- https://www.suse.com/security/cve/CVE-2018-16873
- https://www.suse.com/security/cve/CVE-2018-16874
- https://www.suse.com/security/cve/CVE-2018-16875
- https://www.suse.com/security/cve/CVE-2018-16886
- https://www.suse.com/security/cve/CVE-2020-15106
- https://www.suse.com/security/cve/CVE-2020-15112
- https://www.suse.com/security/cve/CVE-2021-28235
- https://www.suse.com/security/cve/CVE-2022-41723
- https://www.suse.com/security/cve/CVE-2023-29406
- https://www.suse.com/security/cve/CVE-2023-47108
- https://www.suse.com/security/cve/CVE-2023-48795