[USN-6189-1] etcd vulnerability

Mark Esler mark.esler at canonical.com
Wed Jun 28 03:40:13 UTC 2023

Ubuntu Security Notice USN-6189-1
June 28, 2023

etcd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10


etcd could be made to expose sensitive information over the

Software Description:
- etcd: highly-available key value store -- client


It was discovered that etcd leaked credentials when debugging
was enabled. This allowed remote attackers to discover etcd 
authentication credentials and possibly escalate privileges on
systems using etcd.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
etcd-client 3.4.23-4ubuntu0.1
etcd-server 3.4.23-4ubuntu0.1

Ubuntu 22.10:
etcd-client 3.3.25+dfsg-7ubuntu0.22.10.2
etcd-server 3.3.25+dfsg-7ubuntu0.22.10.2

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xD60B83C90513BD4F.asc
Type: application/pgp-keys
Size: 4646 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230627/87d2784c/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230627/87d2784c/attachment.sig>

More information about the ubuntu-security-announce mailing list