-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 16.1 (etcd) security update Advisory ID: RHSA-2023:3447-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:3447 Issue date: 2023-06-05 CVE Names: CVE-2021-28235 CVE-2022-41723 ===================================================================== 1. Summary: An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.1 - ppc64le, x86_64 3. Description: A highly-available key value store for shared configuration Security Fix(es): * Information discosure via debug function (CVE-2021-28235) * golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2184441 - CVE-2021-28235 etcd: Information discosure via debug function 6. Package List: Red Hat OpenStack Platform 16.1: Source: etcd-3.3.23-14.el8ost.src.rpm ppc64le: etcd-3.3.23-14.el8ost.ppc64le.rpm etcd-debuginfo-3.3.23-14.el8ost.ppc64le.rpm etcd-debugsource-3.3.23-14.el8ost.ppc64le.rpm x86_64: etcd-3.3.23-14.el8ost.x86_64.rpm etcd-debuginfo-3.3.23-14.el8ost.x86_64.rpm etcd-debugsource-3.3.23-14.el8ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-28235 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZH5399zjgjWX9erEAQi3tA/5AYgM3ZWooHZM/rl3ZqV3HyWNwz62DIOe r8eZFBTgND3rCgjXR63zC/e7g409rAmWYvjc02F/MJxEsGu1fXrLa9rfXfD9o5y3 X2qBMobtX+VsvR2jnh+EYCpz597LXmvjxGiZQfrP71zjrLX+GyRHISPGT/qgrTuH JaWTLfAZy95HAU6Rof0sLhsHWt+9knUt5bgyT5mdgiTo+fx7DtOCBt15PBcmaC07 wc8NOPmgVu5Y6EPLBfYAdb368WWfwOWElbaK80SuVmgRpzXu3S83EBbaklO++pAD RfROf/94qy+lEXp5CfK+r8CgVRfflILsC2FJ9+SJajr/BjRm3AE0ABOpFhu0g+IU ORB33zhnDt3+imubHtCJaJdDomftzIjpHW6FQxeZ2aBANoZnR0/sQZaHHgjxF5Bi VZxb6LyJeSQcN9lDIMxUaV6HHwu4k2TT00drvVM3stUfH97piGAk4uwVLOiSYITZ r96n+YFhBxngKM+xjhcDERRIX7kWnTZOfUu0d6xknkdLxNGptnwIE0uX2lRo4Te1 UAV3OhB4gHH7RmPF8jfvuW/MWgc8Z/Ux23TQj3S67TWZCMndGJLRrfmM9hkI1W4o VOAKy4MB47PPNmhs+8/KuEjA3SOt66omJlUrhCYqXu0nFXk2llr7iCg7RSbWV77P YyfgVWZYfMY= =nW9a -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce