Bug 2077689 (CVE-2022-28327)

Summary: CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
Product: [Other] Security Response Reporter: Nick Tait <ntait>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abishop, acui, adam.kaplan, admiller, adudiak, agarcial, ahanwate, akashem, akoutsou, alexander.bulimov, alitke, amackenz, amasferr, amctagga, amurdaca, andrew.jeddeloh, anon.amish, anpicker, ansmith, aoconnor, aos-bugs, aos-odin-bot, aos-team-ota, apevec, aputtur, arunprabhu.vijayan, asm, athoscribeiro, bbennett, bcoca, bdettelb, bkundu, blaise, bmontgom, bniver, bodavis, bperkins, bradley.g.smith, bthurber, carl, carmelo.sarta.main, caswilli, chazlett, chousekn, cmarinea, cmeyers, cnv-qe-bugs, code, comzeradd, container-sig, dagray, davide, davidn, dbenoit, denis, deparker, dholler, dornelas, dperaza, drieden, dustymabe, dwd, dwest, dwhatley, dymurray, ebakerupw, eglynn, ego.cordatus, emachado, eparis, ericedens, esm, etamir, extras-orphan, fdeutsch, filbranden, fjansen, flucifre, gblomqui, gchamoul, gmeno, go-sig, gparvin, gscrivan, hchiramm, hhorak, ibolton, i, ijolliff, infra-sig, inoton, jacding, jaharrin, jakob, jbrooks, jburrell, jcajka, jcammara, jchaloup, jchui, jeder, jeffschroeder, jerzhang, jhadvig, jhardy, jhrozek, jitsingh, jjelen, jjoyce, jkoehler, jmatthew, jmencak, jmontleo, jmulligan, jnovy, jobarker, joe, jokerman, jonathan, jortel, jpadman, jramanat, jrivera, jshaughn, jwboyer, jwendell, jwong, jwon, kaycoth, kolyshkin, kshlmster, ktokunaga.mail, kwalker, lacypret, lball, lbragsta, lemenkov, lhh, lkiesow, lmadsen, lmeyer, lsm5, lueberni, mabashia, maciek.borzecki, madam, marcandre.lureau, maszulik, matzew, maxwell, mbenjamin, mburns, mcressma, me, me, me, mfojtik, mgarciac, mgoodwin, mhackett, miabbott, michel, mikel, mkleinhe, mkudlej, mmagr, mnewsome, mokumar, mrogers, mrunge, mrussell, mskalicky, mthoemme, mwringe, nalin, nbecker, nboldt, ngompa13, ngough, njean, nobody, notting, nparekh, nstielau, n.yaghoobi.s, obudai, obulatov, ocs-bugs, o.lemasle, openshift-release-oversight, opohorel, osapryki, oskutka, ovanders, pahickey, pakotvan, patrick, paul, paul.wouters, pegoncal, philipp, pjindal, pkubat, ploffay, quantum.analyst, rcernich, redhat, relrod, rfreiman, rh.container.bot, rhcos-triage, rhos-maint, rhs-bugs, rhuss, rominf, rpetrell, rphillips, rrajasek, ryncsn, sanchezl, sanne.raymaekers, santiago, saroy, sayan.chowdhury2012, scorneli, sdoran, sejug, sgott, sipoyare, skunkerk, slaznick, slowrie, slucidi, smcdonal, sostapov, spandura, spasquie, sponnaga, spower, sseago, ssteinbe, stcannon, stirabos, strigazi, surbania, tcarlin, team-winc-bot, tfister, tgunders, thrcka, TicoTimo, tjochec, tkasparek, tkuratom, tmhoang, tnielsen, travier, tsedovic, tstellar, twalsh, uhhadd, user-cont-team+packit-fas, vbatts, vereddy, vkumar, walters, wenshen, whayutin, xiyuan, xxia, yanqiyu01, ypadia, zdohnal, zebob.m
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: go 1.17.9, go 1.18.1 Doc Type: If docs needed, set a value
Doc Text:
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-09 12:33:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2081538, 2084853, 2084855, 2084856, 2084857, 2084858, 2084859, 2084860, 2084861, 2084862, 2084863, 2084864, 2084866, 2084867, 2084868, 2084869, 2084870, 2084872, 2084873, 2084875, 2084877, 2102786, 2105178, 2105179, 2105180, 2105182, 2079726, 2079727, 2079728, 2079729, 2079730, 2079731, 2079732, 2079733, 2079734, 2079736, 2079737, 2079738, 2079821, 2079822, 2079823, 2079824, 2079825, 2079826, 2081498, 2081499, 2081500, 2081501, 2081502, 2081503, 2081505, 2081506, 2081508, 2081509, 2081510, 2081511, 2081512, 2081513, 2081514, 2083276, 2083277, 2083278, 2083279, 2083280, 2083281, 2083282, 2083283, 2083284, 2083285, 2083286, 2083287, 2083288, 2083289, 2083290, 2083291, 2083292, 2083381, 2083382, 2083801, 2083802, 2083803, 2083804, 2083805, 2083806, 2083807, 2083808, 2083809, 2083810, 2083811, 2083812, 2083815, 2083816, 2083817, 2083818, 2083819, 2083820, 2083821, 2083822, 2083823, 2083824, 2083825, 2083826, 2083827, 2083828, 2083829, 2083830, 2083831, 2083832, 2083834, 2083835, 2083836, 2083837, 2083838, 2084277, 2084278, 2084346, 2084347, 2084348, 2084349, 2084350, 2084351, 2084352, 2084353, 2084354, 2084355, 2084854, 2084865, 2084871, 2084874, 2084876, 2096608, 2096609, 2096610, 2096611, 2096612, 2096613, 2096614, 2096615, 2096625, 2096626, 2096627, 2096628, 2096629, 2096630, 2096631, 2096632, 2096633, 2096634, 2096635, 2096636, 2096637, 2096639, 2096640, 2096641, 2096642, 2096643, 2096644, 2096645, 2096646, 2096647, 2096648, 2096649, 2096650, 2096651, 2096652, 2096653, 2096654, 2096655, 2096656, 2096657, 2096658, 2096659, 2096660, 2096661, 2096662, 2096663, 2096664, 2096665, 2096666, 2096667, 2096668, 2096669, 2096670, 2096671, 2096672, 2096673, 2096674, 2096675, 2096676, 2096677, 2096678, 2096679, 2096680, 2096681, 2096682, 2096683, 2096684, 2096685, 2096686, 2096687, 2096688, 2102785, 2105181, 2127299, 2127300, 2168805    
Bug Blocks: 2077686    

Description Nick Tait 2022-04-21 22:35:45 UTC
crypto/elliptic: tolerate all oversized scalars in generic P-256

A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.

This was discovered thanks to a Project Wycheproof test vector.

This is CVE-2022-28327 and https://go.dev/issue/52075.

Comment 1 Nick Tait 2022-04-21 22:53:38 UTC
patch is here: https://go-review.googlesource.com/c/go/+/397135/

Comment 5 TEJ RATHI 2022-04-28 10:21:21 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2079825]
Affects: fedora-all [bug 2079826]

Comment 10 Anten Skrabec 2022-05-03 22:32:57 UTC
Created golang tracking bugs for this issue:

Affects: openstack-rdo [bug 2081538]

Comment 17 Sage McTaggart 2022-05-12 16:51:58 UTC
Created aerc tracking bugs for this issue:

Affects: fedora-34 [bug 2084878]


Created age tracking bugs for this issue:

Affects: fedora-34 [bug 2084879]


Created apache-cloudstack-cloudmonkey tracking bugs for this issue:

Affects: fedora-34 [bug 2084880]


Created bettercap tracking bugs for this issue:

Affects: fedora-34 [bug 2084881]


Created buildah tracking bugs for this issue:

Affects: fedora-34 [bug 2084882]


Created butane tracking bugs for this issue:

Affects: fedora-34 [bug 2084883]


Created caddy tracking bugs for this issue:

Affects: fedora-34 [bug 2084884]


Created cadvisor tracking bugs for this issue:

Affects: fedora-34 [bug 2084885]


Created chaos-client tracking bugs for this issue:

Affects: fedora-34 [bug 2084886]


Created chisel tracking bugs for this issue:

Affects: fedora-34 [bug 2084887]


Created clash tracking bugs for this issue:

Affects: fedora-34 [bug 2084888]


Created conmon tracking bugs for this issue:

Affects: fedora-34 [bug 2084889]


Created containerd tracking bugs for this issue:

Affects: fedora-34 [bug 2084890]


Created containernetworking-plugins tracking bugs for this issue:

Affects: fedora-34 [bug 2084891]


Created cri-o:1.17/cri-o tracking bugs for this issue:

Affects: fedora-34 [bug 2084892]


Created cri-o:1.20/cri-tools tracking bugs for this issue:

Affects: fedora-34 [bug 2084893]


Created crlfuzz tracking bugs for this issue:

Affects: fedora-34 [bug 2084894]


Created direnv tracking bugs for this issue:

Affects: fedora-34 [bug 2084895]


Created dnscrypt-proxy tracking bugs for this issue:

Affects: epel-8 [bug 2084862]
Affects: fedora-34 [bug 2084896]


Created dnscrypt-proxy2 tracking bugs for this issue:

Affects: epel-7 [bug 2084853]


Created dnsprobe tracking bugs for this issue:

Affects: fedora-34 [bug 2084897]


Created doctl tracking bugs for this issue:

Affects: fedora-34 [bug 2084898]


Created etcd tracking bugs for this issue:

Affects: fedora-34 [bug 2084899]


Created exercism tracking bugs for this issue:

Affects: fedora-34 [bug 2084900]


Created fedora-coreos-config-transpiler tracking bugs for this issue:

Affects: fedora-34 [bug 2084901]


Created ffuf tracking bugs for this issue:

Affects: fedora-34 [bug 2084902]


Created geoipupdate tracking bugs for this issue:

Affects: fedora-34 [bug 2084903]


Created gh tracking bugs for this issue:

Affects: fedora-34 [bug 2084904]


Created git-lfs tracking bugs for this issue:

Affects: epel-7 [bug 2084854]
Affects: fedora-34 [bug 2084905]


Created gitjacker tracking bugs for this issue:

Affects: fedora-34 [bug 2084906]


Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-7 [bug 2084855]
Affects: epel-8 [bug 2084863]


Created golang-github-prometheus-alertmanager tracking bugs for this issue:

Affects: epel-8 [bug 2084864]


Created golang-github-prometheus-node-exporter tracking bugs for this issue:

Affects: epel-7 [bug 2084856]
Affects: epel-8 [bug 2084865]


Created golang-googlecode-go-crypto tracking bugs for this issue:

Affects: epel-7 [bug 2084857]


Created golang-x-crypto tracking bugs for this issue:

Affects: epel-8 [bug 2084866]


Created golang-x-net tracking bugs for this issue:

Affects: epel-8 [bug 2084867]


Created golang-x-text tracking bugs for this issue:

Affects: epel-8 [bug 2084868]


Created golie tracking bugs for this issue:

Affects: epel-7 [bug 2084858]
Affects: epel-8 [bug 2084869]


Created micro tracking bugs for this issue:

Affects: epel-8 [bug 2084870]


Created pack tracking bugs for this issue:

Affects: epel-8 [bug 2084871]


Created rclone tracking bugs for this issue:

Affects: epel-7 [bug 2084859]
Affects: epel-8 [bug 2084872]


Created reg tracking bugs for this issue:

Affects: epel-7 [bug 2084860]
Affects: epel-8 [bug 2084873]


Created restic tracking bugs for this issue:

Affects: epel-8 [bug 2084874]


Created snapd tracking bugs for this issue:

Affects: epel-7 [bug 2084861]
Affects: epel-8 [bug 2084875]


Created syncthing tracking bugs for this issue:

Affects: epel-8 [bug 2084876]


Created yubihsm-connector tracking bugs for this issue:

Affects: epel-8 [bug 2084877]

Comment 18 Sage McTaggart 2022-05-12 20:14:32 UTC
Created gobuster tracking bugs for this issue:

Affects: fedora-34 [bug 2085131]


Created golang tracking bugs for this issue:

Affects: fedora-34 [bug 2085132]


Created golang-ariga-atlas tracking bugs for this issue:

Affects: fedora-34 [bug 2085133]


Created golang-bazil-fuse tracking bugs for this issue:

Affects: fedora-34 [bug 2085134]


Created golang-cloud-google tracking bugs for this issue:

Affects: fedora-34 [bug 2085135]


Created golang-contrib-opencensus-exporter-ocagent tracking bugs for this issue:

Affects: fedora-34 [bug 2085136]


Created golang-contrib-opencensus-exporter-stackdriver tracking bugs for this issue:

Affects: fedora-34 [bug 2085137]


Created golang-github-acme-lego tracking bugs for this issue:

Affects: fedora-34 [bug 2085138]


Created golang-github-acme-lego-3 tracking bugs for this issue:

Affects: fedora-34 [bug 2085139]


Created golang-github-ajstarks-deck tracking bugs for this issue:

Affects: fedora-34 [bug 2085140]


Created golang-github-akamai-akamaiopen-edgegrid tracking bugs for this issue:

Affects: fedora-34 [bug 2085142]


Created golang-github-akihirosuda-containerd-fuse-overlayfs tracking bugs for this issue:

Affects: fedora-34 [bug 2085143]


Created golang-github-alicebob-miniredis tracking bugs for this issue:

Affects: fedora-34 [bug 2085144]


Created golang-github-aliyun-alibaba-cloud-sdk tracking bugs for this issue:

Affects: fedora-34 [bug 2085145]


Created golang-github-aliyun-cli tracking bugs for this issue:

Affects: fedora-34 [bug 2085146]


Created golang-github-anacrolix-dms tracking bugs for this issue:

Affects: fedora-34 [bug 2085147]


Created golang-github-anacrolix-envpprof tracking bugs for this issue:

Affects: fedora-34 [bug 2085148]


Created golang-github-anacrolix-log tracking bugs for this issue:

Affects: fedora-34 [bug 2085149]


Created golang-github-anacrolix-missinggo tracking bugs for this issue:

Affects: fedora-34 [bug 2085150]


Created golang-github-anacrolix-stm tracking bugs for this issue:

Affects: fedora-34 [bug 2085151]


Created golang-github-anacrolix-tagflag tracking bugs for this issue:

Affects: fedora-34 [bug 2085152]


Created golang-github-anaskhan96-soup tracking bugs for this issue:

Affects: fedora-34 [bug 2085153]


Created golang-github-andybalholm-brotli tracking bugs for this issue:

Affects: fedora-34 [bug 2085154]


Created golang-github-andygrunwald-gerrit tracking bugs for this issue:

Affects: fedora-34 [bug 2085155]


Created golang-github-antchfx-htmlquery tracking bugs for this issue:

Affects: fedora-34 [bug 2085156]


Created golang-github-antchfx-jsonquery tracking bugs for this issue:

Affects: fedora-34 [bug 2085158]


Created golang-github-antchfx-xmlquery tracking bugs for this issue:

Affects: fedora-34 [bug 2085159]


Created golang-github-apex-log tracking bugs for this issue:

Affects: fedora-34 [bug 2085160]


Created golang-github-apex-logs tracking bugs for this issue:

Affects: fedora-34 [bug 2085161]


Created golang-github-aquarapid-vaultlib tracking bugs for this issue:

Affects: fedora-34 [bug 2085162]


Created golang-github-aquasecurity-dep-parser tracking bugs for this issue:

Affects: fedora-34 [bug 2085163]


Created golang-github-armon-metrics tracking bugs for this issue:

Affects: fedora-34 [bug 2085164]


Created golang-github-asaskevich-govalidator tracking bugs for this issue:

Affects: fedora-34 [bug 2085166]


Created golang-github-auth0-jwt-middleware tracking bugs for this issue:

Affects: fedora-34 [bug 2085167]


Created golang-github-aws-lambda tracking bugs for this issue:

Affects: fedora-34 [bug 2085168]


Created golang-github-aws-sdk tracking bugs for this issue:

Affects: fedora-34 [bug 2085169]


Created golang-github-aws-sdk-2 tracking bugs for this issue:

Affects: fedora-34 [bug 2085170]


Created golang-github-aws-smithy tracking bugs for this issue:

Affects: fedora-34 [bug 2085171]


Created golang-github-azure-amqp tracking bugs for this issue:

Affects: fedora-34 [bug 2085172]


Created golang-github-azure-amqp-common tracking bugs for this issue:

Affects: fedora-34 [bug 2085173]


Created golang-github-azure-pipeline tracking bugs for this issue:

Affects: fedora-34 [bug 2085174]


Created golang-github-azure-service-bus tracking bugs for this issue:

Affects: fedora-34 [bug 2085175]


Created golang-github-azure-storage-blob tracking bugs for this issue:

Affects: fedora-34 [bug 2085176]


Created golang-github-badoux-checkmail tracking bugs for this issue:

Affects: fedora-34 [bug 2085177]


Created golang-github-couchbase-gomemcached tracking bugs for this issue:

Affects: fedora-34 [bug 2085178]


Created yubihsm-connector tracking bugs for this issue:

Affects: fedora-35 [bug 2085179]

Comment 19 Sage McTaggart 2022-05-12 20:46:38 UTC
Created golang-github-bketelsen-crypt tracking bugs for this issue:

Affects: fedora-34 [bug 2085190]


Created golang-github-bobesa-domain-util tracking bugs for this issue:

Affects: fedora-34 [bug 2085191]


Created golang-github-bsphere-le tracking bugs for this issue:

Affects: fedora-34 [bug 2085192]


Created golang-github-btcsuite-btcutil-base58 tracking bugs for this issue:

Affects: fedora-34 [bug 2085193]


Created golang-github-certifi-gocertifi tracking bugs for this issue:

Affects: fedora-34 [bug 2085194]


Created golang-github-cheekybits-genny tracking bugs for this issue:

Affects: fedora-34 [bug 2085195]


Created golang-github-chi tracking bugs for this issue:

Affects: fedora-34 [bug 2085196]


Created golang-github-chi-cors tracking bugs for this issue:

Affects: fedora-34 [bug 2085197]


Created golang-github-chromedp tracking bugs for this issue:

Affects: fedora-34 [bug 2085198]


Created golang-github-chromedp-cdproto tracking bugs for this issue:

Affects: fedora-34 [bug 2085199]


Created golang-github-circonus-labs-apiclient tracking bugs for this issue:

Affects: fedora-34 [bug 2085200]


Created golang-github-circonus-labs-gometrics tracking bugs for this issue:

Affects: fedora-34 [bug 2085201]


Created golang-github-cli-oauth tracking bugs for this issue:

Affects: fedora-34 [bug 2085202]


Created golang-github-cli-shurcool-graphql tracking bugs for this issue:

Affects: fedora-34 [bug 2085203]


Created golang-github-clickhouse tracking bugs for this issue:

Affects: fedora-34 [bug 2085204]


Created golang-github-cloudflare tracking bugs for this issue:

Affects: fedora-34 [bug 2085205]


Created golang-github-cloudflare-cfssl tracking bugs for this issue:

Affects: fedora-34 [bug 2085206]


Created golang-github-cockroachdb-cockroach-go tracking bugs for this issue:

Affects: fedora-34 [bug 2085207]


Created golang-github-cockroachdb-datadriven tracking bugs for this issue:

Affects: fedora-34 [bug 2085208]


Created golang-github-cockroachdb-errors tracking bugs for this issue:

Affects: fedora-34 [bug 2085209]


Created golang-github-cockroachdb-pebble tracking bugs for this issue:

Affects: fedora-34 [bug 2085210]


Created golang-github-cockroachdb-sentry tracking bugs for this issue:

Affects: fedora-34 [bug 2085211]


Created golang-github-colinmarc-hdfs-2 tracking bugs for this issue:

Affects: fedora-34 [bug 2085212]


Created golang-github-container-storage-interface-spec tracking bugs for this issue:

Affects: fedora-34 [bug 2085213]


Created golang-github-containerd-aufs tracking bugs for this issue:

Affects: fedora-34 [bug 2085214]

Comment 20 Sage McTaggart 2022-05-12 21:20:48 UTC
Created golang-github-containerd-fuse-overlayfs-snapshotter tracking bugs for this issue:

Affects: fedora-34 [bug 2085247]


Created golang-github-containerd-imgcrypt tracking bugs for this issue:

Affects: fedora-34 [bug 2085248]


Created golang-github-containerd-nri tracking bugs for this issue:

Affects: fedora-34 [bug 2085249]


Created golang-github-containerd-zfs tracking bugs for this issue:

Affects: fedora-34 [bug 2085250]


Created golang-github-containers-ocicrypt tracking bugs for this issue:

Affects: fedora-34 [bug 2085251]


Created golang-github-coocood-freecache tracking bugs for this issue:

Affects: fedora-34 [bug 2085252]


Created golang-github-coreos-oidc tracking bugs for this issue:

Affects: fedora-34 [bug 2085253]


Created golang-github-coreos-systemd tracking bugs for this issue:

Affects: fedora-34 [bug 2085254]


Created golang-github-cosmos72-gomacro tracking bugs for this issue:

Affects: fedora-34 [bug 2085255]


Created golang-github-couchbase tracking bugs for this issue:

Affects: fedora-34 [bug 2085256]


Created golang-github-cpu-goacmedns tracking bugs for this issue:

Affects: fedora-34 [bug 2085257]


Created golang-github-crewjam-httperr tracking bugs for this issue:

Affects: fedora-34 [bug 2085258]


Created golang-github-crewjam-saml tracking bugs for this issue:

Affects: fedora-34 [bug 2085259]


Created golang-github-cucumber-godog tracking bugs for this issue:

Affects: fedora-34 [bug 2085260]


Created golang-github-data-dog-sqlmock tracking bugs for this issue:

Affects: fedora-34 [bug 2085261]


Created golang-github-decker502-dnspod tracking bugs for this issue:

Affects: fedora-34 [bug 2085262]


Created golang-github-deepmap-oapi-codegen tracking bugs for this issue:

Affects: fedora-34 [bug 2085263]


Created golang-github-deislabs-oras tracking bugs for this issue:

Affects: fedora-34 [bug 2085264]

Comment 21 Sage McTaggart 2022-05-13 15:44:54 UTC
Created golang-github-denisenkom-mssqldb tracking bugs for this issue:

Affects: fedora-34 [bug 2085554]


Created golang-github-dghubble-oauth1 tracking bugs for this issue:

Affects: fedora-34 [bug 2085556]


Created golang-github-dghubble-sessions tracking bugs for this issue:

Affects: fedora-34 [bug 2085557]


Created golang-github-dghubble-sling tracking bugs for this issue:

Affects: fedora-34 [bug 2085558]


Created golang-github-dghubble-twitter tracking bugs for this issue:

Affects: fedora-34 [bug 2085559]


Created golang-github-digitalocean-godo tracking bugs for this issue:

Affects: fedora-34 [bug 2085560]


Created golang-github-distribution-3 tracking bugs for this issue:

Affects: fedora-34 [bug 2085561]


Created golang-github-dnaeon-vcr tracking bugs for this issue:

Affects: fedora-34 [bug 2085563]


Created golang-github-dnsimple tracking bugs for this issue:

Affects: fedora-34 [bug 2085564]


Created golang-github-docker-distribution tracking bugs for this issue:

Affects: fedora-34 [bug 2085565]


Created golang-github-docker-metrics tracking bugs for this issue:

Affects: fedora-34 [bug 2085566]


Created golang-github-docker-slim tracking bugs for this issue:

Affects: fedora-34 [bug 2085567]


Created golang-github-doug-martin-goqu-8 tracking bugs for this issue:

Affects: fedora-34 [bug 2085568]


Created golang-github-dpotapov-spnego tracking bugs for this issue:

Affects: fedora-34 [bug 2085569]


Created golang-github-dravenk-webthing tracking bugs for this issue:

Affects: fedora-34 [bug 2085570]


Created golang-github-duosecurity-duo-api tracking bugs for this issue:

Affects: fedora-34 [bug 2085571]

Comment 22 Sage McTaggart 2022-05-13 17:18:14 UTC
Created golang-github-dvsekhvalnov-jose2go tracking bugs for this issue:

Affects: fedora-34 [bug 2085648]


Created golang-github-eclipse-paho-mqtt tracking bugs for this issue:

Affects: fedora-34 [bug 2085649]


Created golang-github-elastic-elasticsearch-6 tracking bugs for this issue:

Affects: fedora-34 [bug 2085650]


Created golang-github-elazarl-goproxy tracking bugs for this issue:

Affects: fedora-34 [bug 2085651]


Created golang-github-elves-elvish tracking bugs for this issue:

Affects: fedora-34 [bug 2085652]


Created golang-github-emersion-imap tracking bugs for this issue:

Affects: fedora-34 [bug 2085653]


Created golang-github-emersion-imap-idle tracking bugs for this issue:

Affects: fedora-34 [bug 2085654]


Created golang-github-emersion-imap-sortthread tracking bugs for this issue:

Affects: fedora-34 [bug 2085655]


Created golang-github-emersion-pgpmail tracking bugs for this issue:

Affects: fedora-34 [bug 2085656]


Created golang-github-emersion-smtp tracking bugs for this issue:

Affects: fedora-34 [bug 2085657]


Created golang-github-emicklei-restful tracking bugs for this issue:

Affects: fedora-34 [bug 2085658]


Created golang-github-enescakir-emoji tracking bugs for this issue:

Affects: fedora-34 [bug 2085659]


Created golang-github-envoyproxy-control-plane tracking bugs for this issue:

Affects: fedora-34 [bug 2085660]


Created golang-github-envoyproxy-protoc-gen-validate tracking bugs for this issue:

Affects: fedora-34 [bug 2085661]


Created golang-github-evanw-esbuild tracking bugs for this issue:

Affects: fedora-34 [bug 2085662]


Created golang-github-facebook-ent tracking bugs for this issue:

Affects: fedora-34 [bug 2085663]


Created golang-github-facebookincubator-go2chef tracking bugs for this issue:

Affects: fedora-34 [bug 2085664]


Created golang-github-facebookincubator-ntp tracking bugs for this issue:

Affects: fedora-34 [bug 2085665]


Created golang-github-facebookincubator-ptp tracking bugs for this issue:

Affects: fedora-34 [bug 2085666]


Created golang-github-felixge-httpsnoop tracking bugs for this issue:

Affects: fedora-34 [bug 2085667]


Created golang-github-fnproject-fdk tracking bugs for this issue:

Affects: fedora-34 [bug 2085668]


Created golang-github-francoispqt-gojay tracking bugs for this issue:

Affects: fedora-34 [bug 2085669]


Created golang-github-fsouza-dockerclient tracking bugs for this issue:

Affects: fedora-34 [bug 2085670]


Created golang-github-gddo tracking bugs for this issue:

Affects: fedora-34 [bug 2085671]


Created golang-github-geertjohan-rice tracking bugs for this issue:

Affects: fedora-34 [bug 2085672]


Created golang-github-getkin-kin-openapi tracking bugs for this issue:

Affects: fedora-34 [bug 2085673]


Created golang-github-gin-contrib-cors tracking bugs for this issue:

Affects: fedora-34 [bug 2085674]


Created golang-github-gin-contrib-sse tracking bugs for this issue:

Affects: fedora-34 [bug 2085675]


Created golang-github-gin-gonic tracking bugs for this issue:

Affects: fedora-34 [bug 2085676]


Created golang-github-gin-gonic-autotls tracking bugs for this issue:

Affects: fedora-34 [bug 2085677]

Comment 23 Sage McTaggart 2022-05-13 17:30:08 UTC
Created golang-github-gin-contrib-static tracking bugs for this issue:

Affects: fedora-34 [bug 2085681]


Created golang-github-gobuffalo-packd tracking bugs for this issue:

Affects: fedora-34 [bug 2085682]


Created golang-github-gobuffalo-packr tracking bugs for this issue:

Affects: fedora-34 [bug 2085683]


Created golang-github-gocolly-colly-2 tracking bugs for this issue:

Affects: fedora-34 [bug 2085684]


Created golang-github-gocql tracking bugs for this issue:

Affects: fedora-34 [bug 2085685]


Created golang-github-gomodule-redigo tracking bugs for this issue:

Affects: fedora-34 [bug 2085686]


Created golang-github-google-cel tracking bugs for this issue:

Affects: fedora-34 [bug 2085687]


Created golang-github-google-certificate-transparency tracking bugs for this issue:

Affects: fedora-34 [bug 2085688]


Created golang-github-google-containerregistry tracking bugs for this issue:

Affects: fedora-34 [bug 2085689]


Created golang-github-google-go-github tracking bugs for this issue:

Affects: fedora-34 [bug 2085690]


Created golang-github-google-gopacket tracking bugs for this issue:

Affects: fedora-34 [bug 2085691]


Created golang-github-google-gousb tracking bugs for this issue:

Affects: fedora-34 [bug 2085692]


Created golang-github-google-martian tracking bugs for this issue:

Affects: fedora-34 [bug 2085693]


Created golang-github-google-monologue tracking bugs for this issue:

Affects: fedora-34 [bug 2085694]


Created golang-github-google-pprof tracking bugs for this issue:

Affects: fedora-34 [bug 2085695]


Created golang-github-google-trillian tracking bugs for this issue:

Affects: fedora-34 [bug 2085696]


Created golang-github-google-tspi tracking bugs for this issue:

Affects: fedora-34 [bug 2085697]


Created golang-github-googleapis-gax tracking bugs for this issue:

Affects: fedora-34 [bug 2085698]


Created golang-github-googleapis-gnostic tracking bugs for this issue:

Affects: fedora-34 [bug 2085699]


Created golang-github-googlecloudplatform-cloudsql-proxy tracking bugs for this issue:

Affects: fedora-34 [bug 2085700]


Created golang-github-googlecloudplatform-k8s-cloud-provider tracking bugs for this issue:

Affects: fedora-34 [bug 2085701]


Created golang-github-gophercloud tracking bugs for this issue:

Affects: fedora-34 [bug 2085702]


Created golang-github-gophercloud-utils tracking bugs for this issue:

Affects: fedora-34 [bug 2085703]


Created golang-github-gorilla-csrf tracking bugs for this issue:

Affects: fedora-34 [bug 2085704]


Created golang-github-gorilla-handlers tracking bugs for this issue:

Affects: fedora-34 [bug 2085705]


Created golang-github-gorilla-mux tracking bugs for this issue:

Affects: fedora-34 [bug 2085706]


Created golang-github-gorilla-sessions tracking bugs for this issue:

Affects: fedora-34 [bug 2085707]


Created golang-github-gorilla-websocket tracking bugs for this issue:

Affects: fedora-34 [bug 2085708]


Created golang-github-gosidekick-goconfig tracking bugs for this issue:

Affects: fedora-34 [bug 2085709]


Created golang-github-graph-gophers-graphql tracking bugs for this issue:

Affects: fedora-34 [bug 2085710]


Created golang-github-graphql tracking bugs for this issue:

Affects: fedora-34 [bug 2085711]


Created golang-github-grpc-ecosystem-gateway tracking bugs for this issue:

Affects: fedora-34 [bug 2085712]


Created golang-github-grpc-ecosystem-middleware tracking bugs for this issue:

Affects: fedora-34 [bug 2085713]


Created golang-github-grpc-ecosystem-prometheus tracking bugs for this issue:

Affects: fedora-34 [bug 2085714]


Created golang-github-haproxytech-client-native tracking bugs for this issue:

Affects: fedora-34 [bug 2085715]


Created golang-github-haproxytech-dataplaneapi tracking bugs for this issue:

Affects: fedora-34 [bug 2085716]


Created golang-github-haproxytech-models tracking bugs for this issue:

Affects: fedora-34 [bug 2085717]


Created golang-github-hashicorp-checkpoint tracking bugs for this issue:

Affects: fedora-34 [bug 2085718]


Created golang-github-hashicorp-cleanhttp tracking bugs for this issue:

Affects: fedora-34 [bug 2085719]


Created golang-github-hashicorp-consul-sdk tracking bugs for this issue:

Affects: fedora-34 [bug 2085720]

Comment 24 Sage McTaggart 2022-05-16 13:46:53 UTC
Created golang-github-openapi-validate tracking bugs for this issue:

Affects: fedora-34 [bug 2086709]


Created golang-github-opencontainers-image-spec tracking bugs for this issue:

Affects: fedora-34 [bug 2086710]


Created golang-github-openshift-online-ocm-sdk tracking bugs for this issue:

Affects: fedora-34 [bug 2086711]


Created golang-github-opentracing tracking bugs for this issue:

Affects: fedora-34 [bug 2086712]


Created golang-github-opentracing-basictracer tracking bugs for this issue:

Affects: fedora-34 [bug 2086713]


Created golang-github-opentracing-contrib-grpc tracking bugs for this issue:

Affects: fedora-34 [bug 2086714]


Created golang-github-opentracing-contrib-stdlib tracking bugs for this issue:

Affects: fedora-34 [bug 2086715]


Created golang-github-openzipkin-contrib-zipkin-opentracing tracking bugs for this issue:

Affects: fedora-34 [bug 2086716]


Created golang-github-openzipkin-zipkin tracking bugs for this issue:

Affects: fedora-34 [bug 2086717]

Comment 25 Sage McTaggart 2022-05-17 20:06:20 UTC
Created golang-github-stretchr-testify tracking bugs for this issue:

Affects: fedora-34 [bug 2087381]


Created golang-github-syndtr-goleveldb tracking bugs for this issue:

Affects: fedora-34 [bug 2087382]


Created golang-github-t3rm1n4l-mega tracking bugs for this issue:

Affects: fedora-34 [bug 2087383]


Created golang-github-tdewolff-minify tracking bugs for this issue:

Affects: fedora-34 [bug 2087384]


Created golang-github-temoto-robotstxt tracking bugs for this issue:

Affects: fedora-34 [bug 2087385]


Created golang-github-theoapp-theo-agent tracking bugs for this issue:

Affects: fedora-34 [bug 2087386]


Created golang-github-theupdateframework-notary tracking bugs for this issue:

Affects: fedora-34 [bug 2087387]


Created golang-github-tj-assert tracking bugs for this issue:

Affects: fedora-34 [bug 2087388]


Created golang-github-tonistiigi-actions-cache tracking bugs for this issue:

Affects: fedora-34 [bug 2087389]


Created golang-github-tonistiigi-vt100 tracking bugs for this issue:

Affects: fedora-34 [bug 2087390]


Created golang-github-transip-gotransip tracking bugs for this issue:

Affects: fedora-34 [bug 2087391]


Created golang-github-tv42-httpunix tracking bugs for this issue:

Affects: fedora-34 [bug 2087392]


Created golang-github-twpayne-geom tracking bugs for this issue:

Affects: fedora-34 [bug 2087393]


Created golang-github-twpayne-kml tracking bugs for this issue:

Affects: fedora-34 [bug 2087394]


Created golang-github-unknwon-com tracking bugs for this issue:

Affects: fedora-34 [bug 2087395]


Created golang-github-urfave-cli tracking bugs for this issue:

Affects: fedora-34 [bug 2087396]


Created golang-github-urfave-negroni tracking bugs for this issue:

Affects: fedora-34 [bug 2087397]


Created golang-github-valyala-fasthttp tracking bugs for this issue:

Affects: fedora-34 [bug 2087398]


Created golang-github-vinyldns tracking bugs for this issue:

Affects: fedora-34 [bug 2087399]


Created golang-github-vmware-govmomi tracking bugs for this issue:

Affects: fedora-34 [bug 2087400]


Created golang-github-vultr-govultr tracking bugs for this issue:

Affects: fedora-34 [bug 2087401]


Created golang-github-xanzy-cloudstack tracking bugs for this issue:

Affects: fedora-34 [bug 2087402]


Created golang-github-xanzy-ssh-agent tracking bugs for this issue:

Affects: fedora-34 [bug 2087403]


Created golang-github-xeipuuv-gojsonschema tracking bugs for this issue:

Affects: fedora-34 [bug 2087405]


Created golang-github-yujunz-getter tracking bugs for this issue:

Affects: fedora-34 [bug 2087406]


Created golang-github-yunify-qingstor-sdk tracking bugs for this issue:

Affects: fedora-34 [bug 2087407]


Created golang-github-zmap-zcertificate tracking bugs for this issue:

Affects: fedora-34 [bug 2087408]


Created golang-github-zmap-zcrypto tracking bugs for this issue:

Affects: fedora-34 [bug 2087409]


Created golang-github-zmap-zlint tracking bugs for this issue:

Affects: fedora-34 [bug 2087410]


Created golang-go4 tracking bugs for this issue:

Affects: fedora-34 [bug 2087411]


Created golang-gocloud tracking bugs for this issue:

Affects: fedora-34 [bug 2087412]


Created golang-goftp-server tracking bugs for this issue:

Affects: fedora-34 [bug 2087413]


Created golang-google-api tracking bugs for this issue:

Affects: fedora-34 [bug 2087414]


Created golang-google-appengine tracking bugs for this issue:

Affects: fedora-34 [bug 2087415]


Created golang-google-genproto tracking bugs for this issue:

Affects: fedora-34 [bug 2087416]


Created golang-google-grpc tracking bugs for this issue:

Affects: fedora-34 [bug 2087417]


Created golang-gopkg-macaron-1 tracking bugs for this issue:

Affects: fedora-34 [bug 2087418]


Created golang-gopkg-ns1-2 tracking bugs for this issue:

Affects: fedora-34 [bug 2087419]


Created golang-gopkg-olivere-elastic-5 tracking bugs for this issue:

Affects: fedora-34 [bug 2087420]


Created golang-gopkg-rethinkdb-6 tracking bugs for this issue:

Affects: fedora-34 [bug 2087421]


Created golang-gopkg-src-d-git-4 tracking bugs for this issue:

Affects: fedora-34 [bug 2087422]


Created golang-gvisor tracking bugs for this issue:

Affects: fedora-34 [bug 2087423]


Created golang-hein-version tracking bugs for this issue:

Affects: fedora-34 [bug 2087424]


Created golang-honnef-tools tracking bugs for this issue:

Affects: fedora-34 [bug 2087425]


Created golang-istio-api tracking bugs for this issue:

Affects: fedora-34 [bug 2087426]


Created golang-istio-gogo-genproto tracking bugs for this issue:

Affects: fedora-34 [bug 2087427]


Created golang-istio-pkg tracking bugs for this issue:

Affects: fedora-34 [bug 2087428]


Created golang-k8s-api tracking bugs for this issue:

Affects: fedora-34 [bug 2087429]


Created golang-k8s-apiextensions-apiserver tracking bugs for this issue:

Affects: fedora-34 [bug 2087430]


Created golang-k8s-apimachinery tracking bugs for this issue:

Affects: fedora-34 [bug 2087431]


Created golang-k8s-apiserver tracking bugs for this issue:

Affects: fedora-34 [bug 2087432]


Created golang-k8s-cli-runtime tracking bugs for this issue:

Affects: fedora-34 [bug 2087433]


Created golang-k8s-client tracking bugs for this issue:

Affects: fedora-34 [bug 2087434]


Created golang-k8s-cloud-provider tracking bugs for this issue:

Affects: fedora-34 [bug 2087435]


Created golang-k8s-cluster-bootstrap tracking bugs for this issue:

Affects: fedora-34 [bug 2087436]


Created golang-k8s-code-generator tracking bugs for this issue:

Affects: fedora-34 [bug 2087437]

Comment 26 errata-xmlrpc 2022-06-13 12:44:23 UTC
This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:5006 https://access.redhat.com/errata/RHSA-2022:5006

Comment 30 errata-xmlrpc 2022-06-28 15:16:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5337 https://access.redhat.com/errata/RHSA-2022:5337

Comment 31 errata-xmlrpc 2022-06-28 19:26:21 UTC
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2022:5415 https://access.redhat.com/errata/RHSA-2022:5415

Comment 43 errata-xmlrpc 2022-08-02 07:44:59 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2022:5840 https://access.redhat.com/errata/RHSA-2022:5840

Comment 46 errata-xmlrpc 2022-08-09 02:35:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875

Comment 47 errata-xmlrpc 2022-08-10 10:09:25 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11
  Ironic content for Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068

Comment 48 errata-xmlrpc 2022-08-10 11:36:49 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042

Comment 49 errata-xmlrpc 2022-08-10 13:15:09 UTC
This issue has been addressed in the following products:

  Openshift Serveless 1.24

Via RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040

Comment 58 errata-xmlrpc 2022-08-23 18:12:10 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:6094 https://access.redhat.com/errata/RHSA-2022:6094

Comment 59 errata-xmlrpc 2022-08-24 13:41:25 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6155 https://access.redhat.com/errata/RHSA-2022:6155

Comment 60 errata-xmlrpc 2022-08-24 13:47:40 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156

Comment 61 errata-xmlrpc 2022-08-25 10:08:57 UTC
This issue has been addressed in the following products:

  Node Healthcheck Operator 0.3 for RHEL 8

Via RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187

Comment 62 errata-xmlrpc 2022-08-31 16:55:50 UTC
This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277

Comment 63 errata-xmlrpc 2022-09-01 01:24:36 UTC
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290

Comment 64 errata-xmlrpc 2022-09-01 05:40:46 UTC
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152

Comment 66 errata-xmlrpc 2022-09-14 19:28:00 UTC
This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526

Comment 70 errata-xmlrpc 2022-09-26 15:26:46 UTC
This issue has been addressed in the following products:

  RHACS-3.72-RHEL-8

Via RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714

Comment 78 errata-xmlrpc 2022-12-01 21:09:54 UTC
This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750

Comment 79 Product Security DevOps Team 2022-12-09 12:33:03 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28327

Comment 80 errata-xmlrpc 2023-03-06 18:38:56 UTC
This issue has been addressed in the following products:

  OpenShift Custom Metrics Autoscaler 2

Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042

Comment 82 errata-xmlrpc 2023-03-30 00:42:55 UTC
This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529

Comment 83 errata-xmlrpc 2023-06-15 15:59:44 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642

Comment 85 errata-xmlrpc 2023-06-19 10:33:01 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.11

Via RHSA-2023:3664 https://access.redhat.com/errata/RHSA-2023:3664

Comment 86 errata-xmlrpc 2023-07-06 02:44:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914

Comment 87 errata-xmlrpc 2023-07-10 08:51:03 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 8
  Service Interconnect 1 for RHEL 9

Via RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003