Issued:: 2022-08-15
Updated:: 2022-08-15

RHSA-2022:6061 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 16.2 (etcd) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The etcd packages provide a highly available key-value store for shared configuration.

Security Fix(es):

golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 16.2 ppc64le
Red Hat OpenStack 16.2 x86_64

Fixes

BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 16.2

SRPM
etcd-3.3.23-10.el8ost.src.rpm	SHA-256: 70fd05bcd953444e577c27072af3b95325f0a6da82679bc7138eef78299abc21
ppc64le
etcd-3.3.23-10.el8ost.ppc64le.rpm	SHA-256: 58676fffa5415feaa3d8005dec629e353146d96135a1e3d6e506d8217e2d53f4
etcd-debuginfo-3.3.23-10.el8ost.ppc64le.rpm	SHA-256: ab3f9eae06becc9eb8a822dfe207c0434634aebc98976f4e4e8fee2ab6b28e10
etcd-debugsource-3.3.23-10.el8ost.ppc64le.rpm	SHA-256: 3fb14ad97b304d315abb78b2475a53829c1f76d5b68eef7238e0f809d8609ee7

Red Hat OpenStack 16.2

SRPM
etcd-3.3.23-10.el8ost.src.rpm	SHA-256: 70fd05bcd953444e577c27072af3b95325f0a6da82679bc7138eef78299abc21
x86_64
etcd-3.3.23-10.el8ost.x86_64.rpm	SHA-256: 2f0ce3cf0039e31b6e0a02f553f33ca3c092f9be620ae467b78a6df946a8e17d
etcd-debuginfo-3.3.23-10.el8ost.x86_64.rpm	SHA-256: 026f1ea1805500d203f33f3a89fb277f9093f958515a1ff360fc3adbb7976e06
etcd-debugsource-3.3.23-10.el8ost.x86_64.rpm	SHA-256: 13f3715e356edce89eaa9e6ece7dedac8d6021c4844abc912e4ee09a0b9df92b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation