Bug 2124669 (CVE-2022-27664)
Summary: | CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abishop, adudiak, agerstmayr, amackenz, amasferr, amurdaca, ansmith, aoconnor, asm, ataylor, atodorov, bbaude, bcl, bcoca, bdettelb, bkundu, bniver, bodavis, chazlett, chousekn, cmeyers, davidn, dbenoit, dcadzow, debarshir, deparker, desktop-qa-list, dkenigsb, dwalsh, dwd, dwhatley, dymurray, eduardo.ramalho, eglynn, emachado, fdeutsch, flucifre, gblomqui, gmeno, go-sig, gparvin, grafana-maint, ibolton, jaharrin, jburrell, jcajka, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jligon, jmatthew, jmontleo, jnovy, jobarker, jpadman, jramanat, jross, jwendell, jwon, lball, lemenkov, lhh, lmadsen, lsm5, mabashia, matzew, maxwell, mbenjamin, mboddu, mburns, mcressma, mgarciac, mhackett, mheon, mkudlej, mnewsome, mrunge, mwringe, nathans, nboldt, njean, nobody, notting, ocs-bugs, opohorel, oramraz, osapryki, osbuilders, oskutka, pahickey, pehunt, periklis, pjindal, ploffay, pthomas, rcernich, relrod, rhcos-sst, rhos-maint, rhuss, rkieley, rpetrell, saroy, scorneli, sdoran, sfowler, sgott, sipoyare, slucidi, smcdonal, smullick, sostapov, spower, sseago, stcannon, tfister, tjochec, tkuratom, tstellar, tsweeney, twalsh, umohnani, vereddy, vkumar, whayutin, ytale |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | golang 1.19.1, golang 1.18.6 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-05-18 19:41:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2127944, 2125779, 2126630, 2126631, 2126633, 2126634, 2126635, 2126636, 2126637, 2126638, 2126639, 2126641, 2126642, 2126643, 2126644, 2126645, 2126646, 2126733, 2126734, 2126735, 2126739, 2126740, 2126741, 2126742, 2126743, 2126744, 2126745, 2126746, 2126747, 2126748, 2126749, 2126750, 2126751, 2126752, 2126753, 2126754, 2126755, 2126756, 2126757, 2126758, 2126759, 2126760, 2126761, 2126762, 2126763, 2126764, 2126765, 2126766, 2126767, 2126768, 2126769, 2126770, 2126771, 2126772, 2126773, 2127945, 2134425, 2134426, 2168805 | ||
Bug Blocks: | 2124673 |
Description
TEJ RATHI
2022-09-06 18:05:27 UTC
Created golang tracking bugs for this issue: Affects: epel-all [bug 2126630] Affects: fedora-all [bug 2126631] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535 This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2022:8634 https://access.redhat.com/errata/RHSA-2022:8634 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Ironic content for Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626 This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398 This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264 This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.3 for RHEL 8 Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 Via RHSA-2023:0631 https://access.redhat.com/errata/RHSA-2023:0631 This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693 This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2023:0708 https://access.redhat.com/errata/RHSA-2023:0708 This issue has been addressed in the following products: RHOSS-1.27-RHEL-8 Via RHSA-2023:0709 https://access.redhat.com/errata/RHSA-2023:0709 This issue has been addressed in the following products: OpenShift Custom Metrics Autoscaler 2 Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Red Hat OpenStack Platform 16.2 Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275 This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2167 https://access.redhat.com/errata/RHSA-2023:2167 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2177 https://access.redhat.com/errata/RHSA-2023:2177 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2193 https://access.redhat.com/errata/RHSA-2023:2193 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2204 https://access.redhat.com/errata/RHSA-2023:2204 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2236 https://access.redhat.com/errata/RHSA-2023:2236 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2780 https://access.redhat.com/errata/RHSA-2023:2780 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2784 https://access.redhat.com/errata/RHSA-2023:2784 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2785 https://access.redhat.com/errata/RHSA-2023:2785 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802 This issue has been addressed in the following products: RHEL-9-CNV-4.13 RHEL-7-CNV-4.13 RHEL-8-CNV-4.13 Via RHSA-2023:3204 https://access.redhat.com/errata/RHSA-2023:3204 This issue has been addressed in the following products: RHEL-9-CNV-4.13 Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205 This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27664 This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642 This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:4674 https://access.redhat.com/errata/RHSA-2023:4674 This issue has been addressed in the following products: Ironic content for Red Hat OpenShift Container Platform 4.13 Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:4734 https://access.redhat.com/errata/RHSA-2023:4734 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121 |