Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6189-1

Ubuntu Security Notice 6189-1 - It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd.

Packet Storm
#vulnerability#ubuntu#auth

==========================================================================
Ubuntu Security Notice USN-6189-1
June 28, 2023

etcd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.04
  • Ubuntu 22.10

Summary:

etcd could be made to expose sensitive information over the
network.

Software Description:

  • etcd: highly-available key value store – client

Details:

It was discovered that etcd leaked credentials when debugging
was enabled. This allowed remote attackers to discover etcd
authentication credentials and possibly escalate privileges on
systems using etcd.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
etcd-client 3.4.23-4ubuntu0.1
etcd-server 3.4.23-4ubuntu0.1

Ubuntu 22.10:
etcd-client 3.3.25+dfsg-7ubuntu0.22.10.2
etcd-server 3.3.25+dfsg-7ubuntu0.22.10.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6189-1
CVE-2021-28235

Package Information:
https://launchpad.net/ubuntu/+source/etcd/3.4.23-4ubuntu0.1
https://launchpad.net/ubuntu/+source/etcd/3.3.25+dfsg-7ubuntu0.22.10.2

Related news

Red Hat Security Advisory 2023-3441-01

Red Hat Security Advisory 2023-3441-01 - An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby).

Red Hat Security Advisory 2023-3447-01

Red Hat Security Advisory 2023-3447-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Security Advisory 2023-3445-01

Red Hat Security Advisory 2023-3445-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include a denial of service vulnerability.

RHSA-2023:3441: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2023-32082: A flaw was found in etcd. Affected versions of etcd allow a remote, authent...

RHSA-2023:3445: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

RHSA-2023:3447: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

CVE-2021-28235: etcd-3.4.10-test/temp4cj.png at master · lucyxss/etcd-3.4.10-test

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution