RHSA-2021:3487: Moderate: Red Hat OpenStack Platform 16.2 (etcd) security update
A highly-available key value store for shared configuration

Security Fix(es):

* net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2021:3487?
The severity of RHSA-2021:3487 is considered critical due to vulnerabilities in handling large headers.
How do I fix RHSA-2021:3487?
To fix RHSA-2021:3487, update etcd and its related packages to version 3.3.23-3.1.el8.
What vulnerabilities are addressed in RHSA-2021:3487?
RHSA-2021:3487 addresses CVE-2021-31525, which involves a panic in ReadRequest and ReadResponse during large header processing.
Which package versions are affected by RHSA-2021:3487?
Packages affected by RHSA-2021:3487 include versions of etcd prior to 3.3.23-3.1.el8.
Is RHSA-2021:3487 applicable to both etcd and etcd-debuginfo?
Yes, RHSA-2021:3487 is applicable to both etcd and etcd-debuginfo packages.