CVE-2024-4436

Publication date 8 May 2024

Last updated 24 July 2024

Ubuntu priority

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
etcd	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

How can I get the fixes?
What do statuses mean?

Notes

rodrigo-zaiden

only affects etcd as distributed in RH OpenStack.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-4436
https://access.redhat.com/security/cve/CVE-2024-4436
https://bugzilla.redhat.com/show_bug.cgi?id=2279357