CVE-2020-15112 (https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93): In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

CVE-2020-15113 (https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92): etcd creates certain directory paths (the etcd data directory and the directory path provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using os.MkdirAll. This function does not perform any permission checks when a given directory path already exists.

Patched versions according to the advisories are 3.4.10 and 3.3.23. Maintainer, please bump.
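To illustrate the CVE-2020-15113 issue, here is an added example (not etcd's code) showing that os.MkdirAll silently succeeds on a pre-existing 0755 directory, alongside a hardened helper that stats the directory afterwards and fails closed when any group/other permission bit is set. EnsurePrivateDir and the "loose" directory scenario are constructed for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// EnsurePrivateDir creates dir with mode 0700 and, unlike a bare os.MkdirAll
// call, refuses to accept a pre-existing directory whose permissions are
// wider than that. It returns an error naming the offending mode so the
// caller can abort instead of writing keys or data into a readable directory.
func EnsurePrivateDir(dir string) error {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	fi, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s exists but is not a directory", dir)
	}
	// Only owner bits may be set; any group/other bit is a leak.
	if fi.Mode().Perm()&^0o700 != 0 {
		return fmt.Errorf("%s has permissions %04o, expected 0700", dir, fi.Mode().Perm())
	}
	return nil
}

func main() {
	tmp, _ := os.MkdirTemp("", "etcd-demo")
	defer os.RemoveAll(tmp)
	fresh := filepath.Join(tmp, "data")
	fmt.Println("fresh dir:", EnsurePrivateDir(fresh))

	// Constructed scenario: the data directory already exists as 0755
	// (e.g. pre-created by a deployment tool). os.MkdirAll is a no-op here
	// and reports success without touching the permissions.
	loose := filepath.Join(tmp, "loose")
	_ = os.Mkdir(loose, 0o755)
	_ = os.Chmod(loose, 0o755) // force the loose mode regardless of umask
	fmt.Println("MkdirAll on 0755 dir:", os.MkdirAll(loose, 0o700))
	fmt.Println("hardened check:", EnsurePrivateDir(loose))
}
```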
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2040677801db87d8f1e546fef6f99d9d08f6a063

commit 2040677801db87d8f1e546fef6f99d9d08f6a063
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-08-06 07:00:26 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-08-06 07:01:34 +0000

    dev-db/etcd: Bump to version 3.4.10

    Bug: https://bugs.gentoo.org/736094
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-db/etcd/Manifest           |  1 +
 dev-db/etcd/etcd-3.4.10.ebuild | 80 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b63d5c005243af05c3080feb36ce154d5843724b

commit b63d5c005243af05c3080feb36ce154d5843724b
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-08-06 06:13:56 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-08-06 07:01:34 +0000

    dev-db/etcd: Bump to version 3.3.23

    Bug: https://bugs.gentoo.org/736094
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-db/etcd/Manifest           |  1 +
 dev-db/etcd/etcd-3.3.23.ebuild | 87 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
Thanks Zac. It appears we have two supported branches in-tree now, can you add slots to differentiate them?
(In reply to John Helmert III (ajak) from comment #2)
> Thanks Zac. It appears we have two supported branches in-tree now, can you
> add slots to differentiate them?

I wouldn't recommend co-installation of multiple etcd versions. The 3.3 branch is just there in case someone is not prepared to upgrade to 3.4 for some reason.
A few more, no whiteboard change, same versions affected.

CVE-2020-15114 (https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224): The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

CVE-2020-15115 (https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh): etcd does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.

CVE-2020-15136 (https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q): When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. The auditors have noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward.
Ready to stable?
Yes, please stabilize.
Thanks!
amd64 done

all arches done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b091a013ac656766c08cd4d30654b3daab4b4f6

commit 7b091a013ac656766c08cd4d30654b3daab4b4f6
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-08-15 04:08:21 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-08-15 04:09:27 +0000

    dev-db/etcd: Remove vulnerable #736094

    Bug: https://bugs.gentoo.org/736094
    Package-Manager: Portage-3.0.2, Repoman-2.3.23
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-db/etcd/Manifest           |  8 ----
 dev-db/etcd/etcd-3.3.17.ebuild | 78 --------------------------------------
 dev-db/etcd/etcd-3.3.18.ebuild | 78 --------------------------------------
 dev-db/etcd/etcd-3.3.19.ebuild | 78 --------------------------------------
 dev-db/etcd/etcd-3.3.20.ebuild | 78 --------------------------------------
 dev-db/etcd/etcd-3.4.3.ebuild  | 86 ------------------------------------------
 dev-db/etcd/etcd-3.4.4.ebuild  | 73 -----------------------------------
 dev-db/etcd/etcd-3.4.5.ebuild  | 73 -----------------------------------
 dev-db/etcd/etcd-3.4.7.ebuild  | 73 -----------------------------------
 9 files changed, 625 deletions(-)
GLSA vote: no. Closing, thanks all!
CVE-2020-15106: In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
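As an added example of the defensive check CVE-2020-15106 calls for (not etcd's own decodeRecord, and using a constructed, simplified frame layout rather than etcd's exact WAL encoding), the decoder below validates a length-prefixed record against both a fixed ceiling and the bytes actually remaining before it allocates. MaxRecordSize, DecodeRecord and EncodeRecord are names chosen for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Constructed frame layout (simplified, not etcd's exact WAL encoding):
// an 8-byte little-endian length followed by the record payload.
const MaxRecordSize = 10 << 20 // hard ceiling for one record (10 MiB)
var ErrBadLength = errors.New("wal: record length exceeds limit or remaining input")

// DecodeRecord reads one frame. The length field is checked against a fixed
// ceiling and against the bytes actually present before make() is called, so a
// forged length can neither trigger a huge allocation nor an out-of-range panic.
func DecodeRecord(r *bytes.Reader) ([]byte, error) {
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	if n > MaxRecordSize || n > uint64(r.Len()) {
		return nil, fmt.Errorf("%w: length=%d remaining=%d", ErrBadLength, n, r.Len())
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	return buf, nil
}

// EncodeRecord builds a frame; used only to produce sample input here.
func EncodeRecord(payload []byte) []byte {
	var b bytes.Buffer
	_ = binary.Write(&b, binary.LittleEndian, uint64(len(payload)))
	b.Write(payload)
	return b.Bytes()
}

func main() {
	rec, err := DecodeRecord(bytes.NewReader(EncodeRecord([]byte("entry-1"))))
	fmt.Printf("valid frame: %q err=%v\n", rec, err)
	// Constructed forged frame: header claims 1<<60 bytes, one byte follows.
	forged := make([]byte, 8)
	binary.LittleEndian.PutUint64(forged, 1<<60)
	_, err = DecodeRecord(bytes.NewReader(append(forged, 'x')))
	fmt.Println("forged frame:", err)
}
```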