Issued:: 2023-06-05
Updated:: 2023-06-05

RHSA-2023:3447 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 16.1 (etcd) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for etcd is now available for Red Hat OpenStack Platform 16.1
(Train).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

A highly-available key value store for shared configuration

Security Fix(es):

Information discosure via debug function (CVE-2021-28235)
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

(CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 16.1 ppc64le
Red Hat OpenStack 16.1 x86_64

Fixes

BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
BZ - 2184441 - CVE-2021-28235 etcd: Information discosure via debug function

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 16.1

SRPM
etcd-3.3.23-14.el8ost.src.rpm	SHA-256: bd0f6740cb947a78f4f62750d547bc4d018e9f5161add5f673fd6e51502ec793
ppc64le
etcd-3.3.23-14.el8ost.ppc64le.rpm	SHA-256: 80bdebd87457107d5162e9ba44abc07d5a75c9f0ab15f0128091ef845673de1b
etcd-debuginfo-3.3.23-14.el8ost.ppc64le.rpm	SHA-256: 7e2e3879e5b67ed40ffa7dab68d3caab6fd2ccac843ee48c6fc125d28c885d2f
etcd-debugsource-3.3.23-14.el8ost.ppc64le.rpm	SHA-256: d8a63168c0085ff11e112bbbd914d6c84ac5b03f467f7353f021de38ea294378

Red Hat OpenStack 16.1

SRPM
etcd-3.3.23-14.el8ost.src.rpm	SHA-256: bd0f6740cb947a78f4f62750d547bc4d018e9f5161add5f673fd6e51502ec793
x86_64
etcd-3.3.23-14.el8ost.x86_64.rpm	SHA-256: 489915ddd31fba340a275c6dd5869ff980f9461b2659486f9a25b9131d66a791
etcd-debuginfo-3.3.23-14.el8ost.x86_64.rpm	SHA-256: b10c3778a47b358d11dfcbce90720c4d9d415ad3ec8370ff6cfe032319395b2d
etcd-debugsource-3.3.23-14.el8ost.x86_64.rpm	SHA-256: d074fd7fb981e26dfb63f17106e66f6bba5645945eb0744520c0a95c9cb76b5f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation