Bug 2100495 (CVE-2021-38561)
| Summary: | CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acui, admiller, agarcial, akashem, akoutsou, alitke, anpicker, aos-bugs, aos-network-edge-staff, aputtur, athoscribeiro, bbaude, bbennett, bdettelb, bkundu, blaise, bmontgom, bradley.g.smith, bthurber, carl, charlie, container-sig, dagray, debarshir, dustymabe, dwalsh, dwhatley, dymurray, ebakerupw, eparis, fdeutsch, go-sig, gparvin, hchiramm, ibolton, ijolliff, jacding, jakubr, jburrell, jcajka, jcantril, jchaloup, jchui, jhrozek, jligon, jmatthew, jmencak, jmontleo, jnovy, joelsmith, jokerman, jramanat, jsafrane, jwendell, lbragsta, lmeyer, lsm5, lueberni, madam, mail, m.andre, maxwell, mbenatto, mfojtik, mheon, njean, nobody, nparekh, nstielau, ntait, obudai, ocp-storage-bot, ocs-bugs, openshift-release-oversight, osbuilders, oskutka, ovanders, pahickey, patrick, pehunt, periklis, pknezevi, pthomas, quantum.analyst, rbednar, rcernich, redhat, rfreiman, rh.container.bot, rhs-bugs, rphillips, ryncsn, santiago, security-response-team, sejug, sgott, skitt, slaznick, slucidi, sostapov, spasquie, sponnaga, sseago, ssteinbe, stcannon, stirabos, sttts, surbania, tgunders, tsedovic, tsweeney, twalsh, umohnani, user-cont-team+packit-fas, vkumar, wenshen, whayutin, xiyuan, xxia, ypadia, zebob.m |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | golang.org/x/text/language 0.3.7 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-01-27 21:22:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2101723, 2101726, 2100874, 2101722, 2101724, 2101725, 2105475, 2105476, 2105477, 2105478, 2105479, 2105480, 2105481, 2105482, 2105483, 2105484, 2105485, 2105486, 2105487, 2105488, 2105489, 2105491, 2105492, 2105493, 2105494, 2105495, 2105496, 2105497, 2105498, 2105499, 2105500, 2105501, 2105502, 2105503, 2105504, 2105507, 2105511, 2105512, 2105513, 2105514, 2105515, 2105516, 2105517, 2105518, 2105519, 2105520, 2105523, 2105524, 2105525, 2105526, 2105527, 2105528, 2105529, 2105530, 2105531, 2105532, 2105533, 2105534, 2105535, 2105536, 2105537, 2105538, 2105539, 2105540, 2105541, 2105542, 2105543, 2105544, 2105545, 2105546, 2105547, 2105549, 2105550, 2105551, 2105552, 2105553, 2105554, 2105555, 2105556, 2105557, 2105558, 2105560, 2105561, 2105562, 2105563, 2105564, 2105565, 2105566, 2105567, 2105568, 2105569, 2105570, 2105571, 2105572, 2105573, 2105574, 2105575, 2105576, 2105577, 2105578, 2105579, 2105580, 2105581, 2105582, 2105583, 2105584, 2105585, 2105586, 2105587, 2105588, 2105589, 2105590, 2105591, 2105592, 2105593, 2105594, 2105595, 2105596, 2105597, 2105598, 2105599, 2109208, 2109209, 2109210, 2109212, 2109213, 2109214, 2110690, 2112745, 2112746, 2112747 | ||
| Bug Blocks: | 2100485 | ||
|
Description
Marco Benatto
2022-06-23 14:17:27 UTC
golang-x-text in F34-Rawhide was updated to a patched version 5 months ago. I also just updated it in epel8. Please do not open bugs for this CVE against our packages. This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.7 Via RHSA-2022:5525 https://access.redhat.com/errata/RHSA-2022:5525 This issue has been addressed in the following products: Logging subsystem for Red Hat OpenShift 5.4 Via RHSA-2022:5556 https://access.redhat.com/errata/RHSA-2022:5556 Upstream commit for this issue: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f This issue has been addressed in the following products: OpenShift Logging 5.3 Via RHSA-2022:5908 https://access.redhat.com/errata/RHSA-2022:5908 This issue has been addressed in the following products: OpenShift Logging 5.2 Via RHSA-2022:5909 https://access.redhat.com/errata/RHSA-2022:5909 *** Bug 2105594 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:5070 https://access.redhat.com/errata/RHSA-2022:5070 This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:6051 https://access.redhat.com/errata/RHSA-2022:6051 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:6287 https://access.redhat.com/errata/RHSA-2022:6287 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2022:6263 https://access.redhat.com/errata/RHSA-2022:6263 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:6318 https://access.redhat.com/errata/RHSA-2022:6318 This issue has been addressed in the following products: RHEL-8-CNV-4.11 Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:6537 https://access.redhat.com/errata/RHSA-2022:6537 This issue has been addressed in the following products: RHEL-8-CNV-4.11 Via RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7401 https://access.redhat.com/errata/RHSA-2022:7401 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0245 https://access.redhat.com/errata/RHSA-2023:0245 This issue has been addressed in the following products: RHEL-8-CNV-4.12 RHEL-7-CNV-4.12 Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407 This issue has been addressed in the following products: RHEL-8-CNV-4.12 Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-38561 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0566 https://access.redhat.com/errata/RHSA-2023:0566 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0652 https://access.redhat.com/errata/RHSA-2023:0652 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0774 https://access.redhat.com/errata/RHSA-2023:0774 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0895 https://access.redhat.com/errata/RHSA-2023:0895 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:0890 https://access.redhat.com/errata/RHSA-2023:0890 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1328 https://access.redhat.com/errata/RHSA-2023:1328 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:3542 https://access.redhat.com/errata/RHSA-2023:3542 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:4310 https://access.redhat.com/errata/RHSA-2023:4310 |