{"affected":[{"ecosystem_specific":{"binaries":[{"etcd":"3.5.12-150000.7.6.1","etcdctl":"3.5.12-150000.7.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"etcd","purl":"pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.12-150000.7.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"etcd":"3.5.12-150000.7.6.1","etcdctl":"3.5.12-150000.7.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"etcd","purl":"pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.12-150000.7.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for etcd fixes the following issues:\n\nUpdate to version 3.5.12:\n\nSecurity fixes:\n\n- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)\n- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)\n- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)\n- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)\n- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)\n- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)\n- CVE-2021-28235: Fixed information disclosure via debug function (bsc#1210138)\n- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)\n- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)\n- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)\n\nOther changes:\n\n- Added hardening to systemd service(s) (bsc#1181400)\n- Fixed static /tmp file issue (bsc#1199031)\n- Fixed systemd service not starting (bsc#1183703)\n\nFull 
changelog:\n\nhttps://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12\n","id":"SUSE-SU-2024:3656-1","modified":"2024-10-16T11:33:42Z","published":"2024-10-16T11:33:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1095184"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118897"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118898"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174951"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183703"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199031"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208270"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208297"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210138"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213229"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217950"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16874"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16875"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16886"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28235"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29406"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-47108"},{"type":"WEB","url":"https://www.s
use.com/security/cve/CVE-2023-48795"}],"related":["CVE-2018-16873","CVE-2018-16874","CVE-2018-16875","CVE-2018-16886","CVE-2020-15106","CVE-2020-15112","CVE-2021-28235","CVE-2022-41723","CVE-2023-29406","CVE-2023-47108","CVE-2023-48795"],"summary":"Security update for etcd","upstream":["CVE-2018-16873","CVE-2018-16874","CVE-2018-16875","CVE-2018-16886","CVE-2020-15106","CVE-2020-15112","CVE-2021-28235","CVE-2022-41723","CVE-2023-29406","CVE-2023-47108","CVE-2023-48795"]}