Bug 1633036 (CVE-2018-17143)
Summary: | CVE-2018-17143 golang-org-x-net-html: Runtime panic in html.Parse() via crafted html | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | admiller, ahardin, apevec, bleanhar, bmontgom, bodavis, ccoleman, chrisw, dedgar, dustymabe, eparis, extras-orphan, fpokorny, hchiramm, jarrpa, jburrell, jcajka, jchaloup, jgoulding, jjoyce, jmulligan, jokerman, jpadman, jschluet, kramdoss, kumarpraveen.nitdgp, lhh, lpabon, lpeer, madam, markmc, mburns, mchappel, mmagr, mnewsome, nstielau, ramkrsna, rbryant, rhs-bugs, sclewis, sisharma, slinaber, sponnaga, tdawson, tdecacqu, thrcka |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-25 22:19:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1633037, 1633038, 1633039, 1633040, 1638190, 1639102, 1639103, 1651093 | ||
Bug Blocks: | 1633022, 1633033 |
Description
Sam Fowler
2018-09-26 06:11:15 UTC
Created heketi tracking bugs for this issue: Affects: epel-6 [bug 1633040] Affects: fedora-all [bug 1633039] Created kompose tracking bugs for this issue: Affects: fedora-all [bug 1633038] Created origin tracking bugs for this issue: Affects: fedora-all [bug 1633037] Created golang-googlecode-net tracking bugs for this issue: Affects: epel-6 [bug 1639103] Affects: fedora-all [bug 1639102] RHEL7 (source from roughly 2014) not affected by reproducer. Most likely occurred when the template changes were merged in 2017. (guessing https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622) OpenStack OpTools 8/9 grafana versions do not include net/html, which includes the flawed code. OpenStack OpTools 9 golang-googlecode-net does have the flawed code. Kompose was in DevTools as part of devsuite. Devsuite is now retired (https://developers.redhat.com/products/devsuite/overview/) |