1. Ubuntu Security Notices
  2. USN-6189-1

USN-6189-1: etcd vulnerability

Publication date

28 June 2023

Overview

etcd could be made to expose sensitive information over the network.

Releases

Packages

  • etcd - Transitional package for etcd-client and etcd-server

Details

It was discovered that etcd leaked credentials when debugging
was enabled. This allowed remote attackers to discover etcd
authentication credentials and possibly escalate privileges on
systems using etcd.

It was discovered that etcd leaked credentials when debugging
was enabled. This allowed remote attackers to discover etcd
authentication credentials and possibly escalate privileges on
systems using etcd.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.04 lunar etcd-server –  3.4.23-4ubuntu0.1
etcd-client –  3.4.23-4ubuntu0.1
22.10 kinetic etcd-server –  3.3.25+dfsg-7ubuntu0.22.10.2
etcd-client –  3.3.25+dfsg-7ubuntu0.22.10.2
22.04 jammy etcd-server –  3.3.25+dfsg-7ubuntu0.22.04.1+esm1  
etcd-client –  3.3.25+dfsg-7ubuntu0.22.04.1+esm1  
20.04 focal etcd-server –  3.2.26+dfsg-6ubuntu0.2+esm1  
etcd-client –  3.2.26+dfsg-6ubuntu0.2+esm1  
18.04 bionic etcd-server –  3.2.17+dfsg-1ubuntu0.1+esm2  
etcd-client –  3.2.17+dfsg-1ubuntu0.1+esm2  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›