Package etcd: Information

    Source package: etcd
    Version: 3.5.28-alt1
    Build time: Apr 2, 2026, 05:01 PM in task #413841
    Category: System/Servers
    Home page: https://etcd.io

    License: Apache-2.0
    Summary: A highly-available key value store for shared configuration
    Description: 
    Etcd is a distributed key value store that provides a reliable way to store data
    across a cluster of machines. Etcd gracefully handles leader elections during network
    partitions and will tolerate machine failure, including the leader.

    List of RPM packages built from this SRPM:
    etcd (x86_64, i586, aarch64)
    etcd-debuginfo (x86_64, i586, aarch64)



      1. golang >= 1.25
      2. rpm-macros-golang
      3. rpm-build-golang

    Last changed


    April 1, 2026 Alexander Stepchenko 3.5.28-alt1
    - 3.5.26 -> 3.5.28.
    - Fixes:
      + CVE-2026-24051: OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
      + CVE-2026-27141: Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
      + CVE-2026-33186: gRPC-Go has an authorization bypass via missing leading slash in :path
      + CVE-2026-33343: etcd: Nested etcd transactions bypass RBAC authorization checks
      + CVE-2026-33413: etcd: Authorization bypasses in multiple APIs
    Jan. 27, 2026 Alexander Stepchenko 3.5.26-alt1
    - 3.5.23 -> 3.5.26
    - Fixes:
      + CVE-2025-47914: Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
      + CVE-2025-58181: Unbounded memory consumption in golang.org/x/crypto/ssh
    Oct. 14, 2025 Alexander Stepchenko 3.5.23-alt1
    - 3.5.16 -> 3.5.23
    - Fixes:
      + CVE-2024-45337: Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
      + CVE-2024-45338: Non-linear parsing of case-insensitive content in golang.org/x/net/html
      + CVE-2024-51744: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
      + CVE-2025-22869: Potential denial of service in golang.org/x/crypto
      + CVE-2025-22870: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
      + CVE-2025-22872: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
      + CVE-2025-30204: jwt-go allows excessive memory allocation during header parsing