- Issued: 2026-06-22
- Updated: 2026-06-22
RHSA-2026:28047 - Security Advisory
Synopsis
Important: Red Hat OpenStack Platform 17.1 (etcd) security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for etcd is now available for Red Hat OpenStack Platform 17.1
(Wallaby).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
etcd is a highly-available key value store for shared configuration.
Security Fix(es):
- net/url: Memory exhaustion in query parameter parsing in net/url
(CVE-2025-61726)
- golang: Denial of Service due to excessive resource consumption via
crafted certificate (CVE-2025-61729)
- Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
- Incorrect enforcement of email constraints in crypto/x509
(CVE-2026-27137)
- crypto/tls: golang: Go: Denial of Service vulnerability in certificate
chain building (CVE-2026-32280)
- golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update
messages (CVE-2026-32283)
- google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to
improper HTTP/2 path validation (CVE-2026-33186)
- golang: Go crypto/x509: Certificate validation bypass due to incorrect
DNS constraint application (CVE-2026-33810)
- crypto/tls: Incorrect certificate validation during TLS session
resumption (CVE-2025-68121)
- internal/syscall/unix: Root.Chmod can follow symlinks out of the root
(CVE-2026-32282)
- etcd: Authorization bypass allows information disclosure and denial of
service (CVE-2026-33413)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
Affected Products
- Red Hat OpenStack 17.1 for RHEL 9 x86_64
Fixes
- BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
- BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
- BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
- BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
- BZ - 2449833 - CVE-2026-33186 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
- BZ - 2451728 - CVE-2026-33413 etcd: etcd: Authorization bypass allows information disclosure and denial of service
- BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
- BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
- BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
CVE
Red Hat OpenStack 17.1 for RHEL 9
| SRPM | |
|---|---|
| etcd-3.4.26-9.5.el9ost.src.rpm | SHA-256: 1b88e401549e54d549cb5654a4fd968bb321df4303120dd0adb9f913559f80be |
| x86_64 | |
| etcd-3.4.26-9.5.el9ost.x86_64.rpm | SHA-256: fb760179ea6eb0cbb34c34ce27605da703d8474675d3cd022c04e777bb177944 |
| etcd-debuginfo-3.4.26-9.5.el9ost.x86_64.rpm | SHA-256: 2c70647256cabc34da5e5cdf6590727d922f167c23759ea93174c9f4129c0d89 |
| etcd-debugsource-3.4.26-9.5.el9ost.x86_64.rpm | SHA-256: bbfcda6011ae6de7b740d8afe691735dc5e3b694ee6d76e15f1672ef78edee0a |
The Red Hat Product Security contact is secalert@redhat.com. More contact details are available at https://access.redhat.com/security/team/contact/.