A highly-available key value store for shared configuration
Security Fix(es):
Information discosure via debug function (CVE-2021-28235)
html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
(CVE-2022-41723)
crypto/tls: large handshake records may cause panics (CVE-2022-41724)
net/http mime/multipart: denial of service from excessive resource
consumption (CVE-2022-41725)
net/http net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)
net/http net/textproto mime/multipart: denial of service from excessive
resource consumption (CVE-2023-24536)
go/parser: Infinite loop in parsing (CVE-2023-24537)
html/template: backticks not treated as string delimiters
(CVE-2023-24538)
html/template: improper sanitization of CSS values (CVE-2023-24539)
html/template: improper handling of empty HTML attributes
(CVE-2023-29400)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | x86_64 | etcd-debuginfo | < 3.3.23-14.el8ost | etcd-debuginfo-3.3.23-14.el8ost.x86_64.rpm |
RedHat | 8 | ppc64le | etcd-debugsource | < 3.3.23-14.el8ost | etcd-debugsource-3.3.23-14.el8ost.ppc64le.rpm |
RedHat | 8 | x86_64 | etcd-debugsource | < 3.3.23-14.el8ost | etcd-debugsource-3.3.23-14.el8ost.x86_64.rpm |
RedHat | 8 | x86_64 | etcd | < 3.3.23-14.el8ost | etcd-3.3.23-14.el8ost.x86_64.rpm |
RedHat | 8 | ppc64le | etcd-debuginfo | < 3.3.23-14.el8ost | etcd-debuginfo-3.3.23-14.el8ost.ppc64le.rpm |
RedHat | 8 | ppc64le | etcd | < 3.3.23-14.el8ost | etcd-3.3.23-14.el8ost.ppc64le.rpm |