Bugzilla – Bug 1174951
VUL-0: CVE-2020-15106,CVE-2020-15112: etcd: a large slice causes panic in decodeRecord method and improper checks in entry index
Last modified: 2024-04-15 15:00:02 UTC
CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

CVE-2020-15112

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15106
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15106.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15112
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15112.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112
https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
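The two checks whose absence the CVE descriptions above report, as an added Go example that is not etcd's code and not part of the original report. It assumes a simplified frame (8-byte little-endian length followed by the payload) rather than etcd's actual WAL encoding; `maxRecordSize`, `readRecord` and `placeEntry` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxRecordSize is a hypothetical limit chosen for this example.
const maxRecordSize = 10 << 20

var (
	ErrRecordTooLarge  = errors.New("declared record size exceeds limit")
	ErrIndexOutOfRange = errors.New("entry index past end of entries")
)

// readRecord validates the declared length before make(), so a forged value cannot panic.
func readRecord(r io.Reader) ([]byte, error) {
	var n int64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	if n < 0 || n > maxRecordSize {
		return nil, ErrRecordTooLarge
	}
	data := make([]byte, n)
	_, err := io.ReadFull(r, data)
	return data, err
}

// placeEntry truncates ents at index-start-1 and appends index, checking the bound first.
func placeEntry(ents []uint64, start, index uint64) ([]uint64, error) {
	if index <= start {
		return ents, nil
	}
	up := index - start - 1
	if up > uint64(len(ents)) {
		return nil, ErrIndexOutOfRange
	}
	return append(ents[:up], index), nil
}

func main() {
	// Constructed frame whose length field declares 2^62 bytes and carries no payload.
	_, err := readRecord(bytes.NewReader([]byte{0, 0, 0, 0, 0, 0, 0, 0x40}))
	fmt.Println(err)
}
```

Without the two bound checks, the `make` call and the `ents[:up]` slice expression are the points where a runtime panic would occur.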
Comparing the versions 3.4.9 with 3.4.10 [0] the commit for both CVEs should be at [1].

Tracked CaaSP4 as affected, Leap 15.2 and Factory.

[0] https://github.com/etcd-io/etcd/compare/v3.4.9...v3.4.10
[1] https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
(In reply to Alexandros Toptsoglou from comment #1)
> Comparing the versions 3.4.9 with 3.4.10 [0] the commit for both CVEs should
> be at [1].
>
> Tracked CaaSP4 as affected, Leap 15.2 and Factory.
>
> [0] https://github.com/etcd-io/etcd/compare/v3.4.9...v3.4.10
> [1] https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675

I'll update Factory
Factory submission made: https://build.opensuse.org/request/show/824853
SUSE-SU-2020:3761-1: An update that solves four vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1172270,1173055,1173165,1174219,1174951,1175352,1176225,1176578,1176903,1176904,1177361,1177362,1177660,1177661,1178785
CVE References: CVE-2020-15106,CVE-2020-8029,CVE-2020-8564,CVE-2020-8565
JIRA References:
Sources used:
SUSE CaaS Platform 4.5 (src): caasp-release-4.5.2-1.8.2, cri-o-1.18-1.18.4-4.3.2, etcd-3.4.13-3.3.1, helm2-2.16.12-3.3.1, helm3-3.3.3-3.8.1, kubernetes-1.18-1.18.10-4.3.1, patterns-caasp-Management-4.5-3.3.1, skuba-2.1.11-3.10.1, velero-1.4.2-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3760-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1174219,1174951,1176752,1176753,1176754,1176755,1177661,1177662
CVE References: CVE-2020-15106,CVE-2020-15112,CVE-2020-15184,CVE-2020-15185,CVE-2020-15186,CVE-2020-15187,CVE-2020-8565,CVE-2020-8566
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Containers 15-SP1 (src): kubernetes-1.17.13-4.21.2
SUSE CaaS Platform 4.0 (src): caasp-release-4.2.4-24.36.1, cri-o-1.16.1-3.37.3, etcd-3.4.13-4.15.1, helm-2.16.12-3.10.1, kubernetes-1.17.13-4.21.2, skuba-1.4.11-3.49.2, terraform-provider-aws-2.59.0-1.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done