Bug 2064702 (CVE-2022-27191)
| Summary: | CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acui, admiller, agarcial, amurdaca, aos-bugs, bbaude, bdettelb, blaise, bmontgom, bradley.g.smith, carl, code, container-sig, dbecker, debarshir, dustymabe, dwalsh, dwhatley, dymurray, ebakerupw, eparis, fdeutsch, go-sig, gparvin, hchiramm, ibolton, jakubr, jburrell, jcajka, jchaloup, jjoyce, jligon, jmatthew, jmontleo, jnovy, jokerman, jramanat, jschluet, jwendell, jwon, lball, lhh, lhinds, lmeyer, lpeer, lsm5, madam, mankulka, maszulik, matzew, mburns, mfojtik, mheon, mthoemme, nalin, ngompa13, njean, nstielau, ocs-bugs, oskutka, ovanders, pahickey, patrick, pehunt, pthomas, rcernich, rh.container.bot, rhos-maint, rhuss, rphillips, rrajasek, ryncsn, santiago, sayan.chowdhury2012, sclewis, sejug, sfowler, sgott, slinaber, slucidi, sponnaga, sseago, stcannon, stirabos, sttts, tsweeney, twalsh, umohnani, vbatts, vkumar, whayutin, xxia, zebob.m |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | golang.org/x/crypto/ssh v0.0.0-20220315160706-3147a52a75 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-01-31 15:25:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2068514, 2071561, 2071562, 2071563, 2074248, 2074249, 2074250, 2068511, 2068512, 2068513, 2068515, 2068516, 2073276, 2073280, 2073281, 2073282, 2073283, 2073284, 2073292, 2074251, 2074252, 2074253, 2074254, 2074255, 2074256, 2074257, 2074258, 2074259, 2074260, 2074261, 2074262, 2074263, 2074264, 2074265, 2074266, 2074267, 2074268, 2074272, 2074273, 2074274, 2074275, 2074276, 2074277, 2074278, 2074279, 2074280, 2074281, 2074282, 2074283, 2074284, 2074285, 2074286, 2074287, 2074288, 2074289, 2074290, 2074291, 2074292, 2074293, 2074294, 2074295, 2074296, 2074297, 2074298, 2074299, 2075237, 2075238, 2075239, 2075240, 2075241, 2075243, 2075244, 2075245, 2075246, 2075247, 2075248, 2075249, 2075250 | ||
| Bug Blocks: | 2064715 | ||
|
Description
TEJ RATHI
2022-03-16 11:41:19 UTC
Created buildah tracking bugs for this issue: Affects: fedora-all [bug 2074252] Created caddy tracking bugs for this issue: Affects: fedora-all [bug 2074253] Created cri-o:1.22/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2074254] Created cri-o:nightly/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2074255] Created doctl tracking bugs for this issue: Affects: fedora-all [bug 2074256] Created golang-github-francoispqt-gojay tracking bugs for this issue: Affects: fedora-all [bug 2074257] Created golang-github-hashicorp-consul-api tracking bugs for this issue: Affects: fedora-all [bug 2074258] Created golang-github-hashicorp-consul-sdk tracking bugs for this issue: Affects: fedora-all [bug 2074259] Created golang-github-moby-buildkit tracking bugs for this issue: Affects: fedora-all [bug 2074260] Created golang-github-protonmail-crypto tracking bugs for this issue: Affects: fedora-all [bug 2074261] Created golang-googlecode-go-crypto tracking bugs for this issue: Affects: epel-all [bug 2074248] Created golang-x-crypto tracking bugs for this issue: Affects: epel-all [bug 2074249] Affects: fedora-all [bug 2074262] Created gomtree tracking bugs for this issue: Affects: fedora-all [bug 2074263] Created mantle tracking bugs for this issue: Affects: fedora-all [bug 2074264] Created origin tracking bugs for this issue: Affects: fedora-all [bug 2074265] Created pack tracking bugs for this issue: Affects: fedora-all [bug 2074266] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2074267] Created rclone tracking bugs for this issue: Affects: epel-all [bug 2074250] Created restic tracking bugs for this issue: Affects: epel-all [bug 2074251] Created vultr tracking bugs for this issue: Affects: fedora-all [bug 2074268] This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476 NPD doesn't use this package, only the terminal package within crypto/ssh as is evidenced by my referencing NPD, I closed the wrong bug, sorry for the noise This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2022:4956 https://access.redhat.com/errata/RHSA-2022:4956 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Ironic content for Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347 This issue has been addressed in the following products: RHEL-7-CNV-4.11 RHEL-8-CNV-4.11 Via RHSA-2022:6527 https://access.redhat.com/errata/RHSA-2022:6527 This issue has been addressed in the following products: RHEL-8-CNV-4.11 Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7457 https://access.redhat.com/errata/RHSA-2022:7457 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7469 https://access.redhat.com/errata/RHSA-2022:7469 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7954 https://access.redhat.com/errata/RHSA-2022:7954 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8008 https://access.redhat.com/errata/RHSA-2022:8008 This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2022:8634 https://access.redhat.com/errata/RHSA-2022:8634 This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2022:8932 https://access.redhat.com/errata/RHSA-2022:8932 This issue has been addressed in the following products: RHOSS-1.26-RHEL-8 Via RHSA-2022:8938 https://access.redhat.com/errata/RHSA-2022:8938 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8893 https://access.redhat.com/errata/RHSA-2022:8893 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:9107 https://access.redhat.com/errata/RHSA-2022:9107 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7401 https://access.redhat.com/errata/RHSA-2022:7401 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:9096 https://access.redhat.com/errata/RHSA-2022:9096 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27191 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366 This issue has been addressed in the following products: RHACS-4.1-RHEL-8 Via RHSA-2023:3943 https://access.redhat.com/errata/RHSA-2023:3943 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:4488 https://access.redhat.com/errata/RHSA-2023:4488 |