{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_informational_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for etcd is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 5th March 2019]\nOn 5th February 2019, the updated etcd packages previously included in this erratum were removed. For further details about this removal, refer to the Red Hat Knowledgebase article 3938261 linked in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The etcd packages provide a highly available key-value store for shared configuration.\n\nThe following packages have been upgraded to a later upstream version: etcd (3.3.11). (BZ#1664290)\n\nSecurity Fix(es):\n\n* etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway (CVE-2018-16886)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Matt Wheeler (Osirium) for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:0237",
        "url": "https://access.redhat.com/errata/RHSA-2019:0237"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/3938261",
        "url": "https://access.redhat.com/articles/3938261"
      },
      {
        "category": "external",
        "summary": "1651034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651034"
      },
      {
        "category": "external",
        "summary": "1664290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664290"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0237.json"
      }
    ],
    "title": "Red Hat Security Advisory: etcd security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-11-21T18:07:28+00:00",
      "generator": {
        "date": "2025-11-21T18:07:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2019:0237",
      "initial_release_date": "2019-01-31T20:01:23+00:00",
      "revision_history": [
        {
          "date": "2019-01-31T20:01:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-03-05T18:40:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:07:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux 7 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux 7 Extras",
                  "product_id": "Red Hat Enterprise Linux 7 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_other:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Extras"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  }
}