Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
patchinfo.36071
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.36071
<patchinfo incident="36071"> <issue tracker="bnc" id="1095184">update etcd to version used in CaaSP</issue> <issue tracker="bnc" id="1118897">VUL-0: CVE-2018-16873: go: cmd/go: remote command execution</issue> <issue tracker="bnc" id="1118898">VUL-0: CVE-2018-16874: go: cmd/go: directory traversal</issue> <issue tracker="bnc" id="1118899">VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service</issue> <issue tracker="bnc" id="1121850">VUL-0: CVE-2018-16886: etcd: Improper authentication issue when RBAC and client-cert-auth is enabled</issue> <issue tracker="bnc" id="1174951">VUL-0: CVE-2020-15106,CVE-2020-15112: etcd: a large slice causes panic in decodeRecord method and improper checks in entry index</issue> <issue tracker="bnc" id="1181400">AUDIT-TASK: Evaluate systemd hardenings and get more services to use them</issue> <issue tracker="bnc" id="1183703">etcd not starting via systemd</issue> <issue tracker="bnc" id="1199031">AUDIT-FIND: etcd: static tmp directory in openSUSE packaging helper</issue> <issue tracker="bnc" id="1208270">VUL-0: TRACKERBUG: CVE-2022-41723: go1.19,go1.20: net/http: avoid quadratic complexity in HPACK decoding</issue> <issue tracker="bnc" id="1208297">VUL-0: CVE-2022-41723: etcd: go1.19,go1.20: net/http: avoid quadratic complexity in HPACK decoding</issue> <issue tracker="bnc" id="1210138">VUL-0: CVE-2021-28235: etcd: Information discosure via debug function</issue> <issue tracker="bnc" id="1213229">VUL-0: CVE-2023-29406: go1.19,go1.20: net/http: insufficient sanitization of Host header</issue> <issue tracker="bnc" id="1217070">VUL-0: CVE-2023-47108: TRACKERBUG: otelgrpc: DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics</issue> <issue tracker="bnc" id="1217950">VUL-0: CVE-2023-48795: openssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack</issue> <issue tracker="bnc" id="1218150">VUL-0: CVE-2023-48795: golang.org/x/crypto/ssh: prefix truncation breaking ssh channel integrity</issue> <issue tracker="cve" id="2018-16873"/> <issue tracker="cve" id="2018-16874"/> <issue tracker="cve" id="2018-16875"/> <issue tracker="cve" id="2018-16886"/> <issue tracker="cve" id="2020-15106"/> <issue tracker="cve" id="2020-15112"/> <issue tracker="cve" id="2021-28235"/> <issue tracker="cve" id="2022-41723"/> <issue tracker="cve" id="2023-29406"/> <issue tracker="cve" id="2023-47108"/> <issue tracker="cve" id="2023-48795"/> <packager>psaggu</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for etcd</summary> <description>This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) - CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898) - CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899) - CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850) - CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951) - CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951) - CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138) - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297) - CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229) - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070) - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150) Other changes: - Added hardening to systemd service(s) (bsc#1181400) - Fixed static /tmp file issue (bsc#1199031) - Fixed systemd service not starting (bsc#1183703) Full changelog: https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
