An update for etcd is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1682 Final 1.0 1.0 2025-06-27 Initial 2025-06-27 2025-06-27 openEuler SA Tool V1.0 2025-06-27 etcd security update An update for etcd is now available for openEuler-20.03-LTS-SP4 %{expand: Security Fix(es): When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.(CVE-2023-45290) If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785) An update for etcd is now available for openEuler-20.03-LTS-SP4-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium etcd https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1682 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45290 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 openEuler-20.03-LTS-SP4 etcd-3.4.14-11.oe2003sp4.aarch64.rpm etcd-3.4.14-11.oe2003sp4.src.rpm etcd-3.4.14-11.oe2003sp4.x86_64.rpm When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. 2025-06-27 CVE-2023-45290 openEuler-20.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H etcd security update 2025-06-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1682 If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. 2025-06-27 CVE-2024-24785 openEuler-20.03-LTS-SP4 Medium 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N etcd security update 2025-06-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1682