Issued:: 2021-04-27
Updated:: 2021-04-27

RHSA-2021:1407 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: etcd security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for etcd is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The etcd packages provide a highly available key-value store for shared configuration.

Security Fix(es):

etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
etcd: DoS in wal/wal.go (CVE-2020-15112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1868872 - CVE-2020-15112 etcd: DoS in wal/wal.go
BZ - 1868883 - CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
etcd-3.2.32-1.el7_9.src.rpm	SHA-256: 9df1bbb03abc6007fc2a8feb040b7bc8c9f708d7ab39fcbabb3c2924ac7d6460
x86_64
etcd-3.2.32-1.el7_9.x86_64.rpm	SHA-256: 9a9f08348ce957ee109df270e575afcba2c8d6b1b7e38512af362136bb2b8e53
etcd-debuginfo-3.2.32-1.el7_9.x86_64.rpm	SHA-256: 55bf13f30b42c1965b9ce57e8db162c36eb540d6a91e3fe45026831f9eb746b0

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
etcd-3.2.32-1.el7_9.src.rpm	SHA-256: 9df1bbb03abc6007fc2a8feb040b7bc8c9f708d7ab39fcbabb3c2924ac7d6460
s390x
etcd-3.2.32-1.el7_9.s390x.rpm	SHA-256: 6168778b6b9103eaef2ea387774e7074baf001491e72d1dcfa6f97884362fe60
etcd-debuginfo-3.2.32-1.el7_9.s390x.rpm	SHA-256: 396feb7a2423ffda32cd5ab5c3cfd5b7d5f14541b986f14bbb61d1ae4b26edd7

Red Hat Enterprise Linux for Power, little endian 7

SRPM
etcd-3.2.32-1.el7_9.src.rpm	SHA-256: 9df1bbb03abc6007fc2a8feb040b7bc8c9f708d7ab39fcbabb3c2924ac7d6460
ppc64le
etcd-3.2.32-1.el7_9.ppc64le.rpm	SHA-256: f0726e225a122d56a13e6395bcc22c657fe38cf298e4534665e22a2524cd8f32
etcd-debuginfo-3.2.32-1.el7_9.ppc64le.rpm	SHA-256: 18f84bc4dc59f8f1c1f830849aac21390528f8876f73e4784ddaed100d20ab8b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation