First published: Mon Jun 05 2023
A highly-available key value store for shared configuration

Security Fix(es):

* Information disclosure via debug function (CVE-2021-28235)
* html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* net/http mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* net/http net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* net/http net/textproto mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
* go/parser: Infinite loop in parsing (CVE-2023-24537)
* html/template: backticks not treated as string delimiters (CVE-2023-24538)
* html/template: improper sanitization of CSS values (CVE-2023-24539)
* html/template: improper handling of empty HTML attributes (CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/etcd | <3.3.23-14.el8 | 3.3.23-14.el8 |
redhat/etcd-debuginfo | <3.3.23-14.el8 | 3.3.23-14.el8 |
redhat/etcd-debugsource | <3.3.23-14.el8 | 3.3.23-14.el8 |