Bug 2268019 (CVE-2024-24783)
| Summary: | CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Robb Gatica <rgatica> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aazores, abishop, adudiak, akostadi, alcohan, amasferr, amctagga, anjoseph, ansmith, aoconnor, asatyam, bdettelb, bniver, bodavis, cbartlet, chazlett, cmah, crizzo, dbenoit, dfreiber, dhanak, diagrawa, dkenigsb, dmayorov, dnakabaa, doconnor, dperaza, drosa, drow, dsimansk, dymurray, eaguilar, ebaron, eglynn, emachado, epacific, fdeutsch, flucifre, ganandan, gmeno, gparvin, haoli, hkataria, ibolton, jaharrin, jajackso, jbalunas, jburrell, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkang, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jobarker, joehler, joelsmith, jolong, jpallich, jprabhak, jschluet, kaycoth, kegrant, kholdawa, kingland, koliveir, kshier, kverlaen, lbainbri, lchilton, lcouzens, lhh, lmadsen, lsvaty, mabashia, manissin, matzew, mbenjamin, mbocek, mburns, mgarciac, mhackett, mmagr, mmakovy, mnewsome, mnovotny, mrajanna, mrunge, mskarbek, mwringe, njean, nobody, odf-bz-bot, omaciel, oramraz, owatkins, pahickey, pantinor, pbraun, peholase, pgaikwad, pgrist, pierdipi, pjindal, rguimara, rhaigner, rhos-maint, rhuss, rjohnson, rojacob, sabiswas, sakbas, saroy, sausingh, sdawley, sfeifer, sfroberg, shbose, shvarugh, sidakwo, simaishi, sipoyare, slucidi, smcdonal, smullick, sostapov, sseago, stcannon, stirabos, teagle, tfister, thason, thavo, tjochec, tsedmik, vereddy, vimartin, vkumar, whayutin, wtam, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | go 1.21.8, go 1.22.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2268246, 2268247, 2268248, 2276443, 2276444, 2276445, 2276446, 2276447, 2276448, 2276449, 2276450, 2276451, 2276452, 2276453, 2276454, 2276455, 2276456, 2276457, 2276458, 2276621, 2292180, 2292181, 2349085 | ||
| Bug Blocks: | 2268016 | ||
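
The Doc Text names the two ClientAuth modes in which crypto/tls hands a client's chain to Certificate.Verify. The Go program below is an added example written for this page, not code from the Go project or from Red Hat. It shows a screening workaround for a server that cannot yet move to the fixed versions listed above (go 1.21.8, go 1.22.1): the server keeps demanding a client certificate but sets RequireAnyClientCert, so the built-in Verify call is skipped, and a VerifyPeerCertificate callback rejects any presented certificate whose PublicKeyAlgorithm is UnknownPublicKeyAlgorithm before it calls Verify itself. The function names, the constructed self-signed test certificate, and the unassigned OID 1.2.840.10045.2.99 used to build a fixture with an unrecognised key algorithm are this example's own choices. The screen covers only what the peer sends; certificates in the server's own root and intermediate pools are not checked, so upgrading remains the fix.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// screenPeerChain parses the presented certificates and refuses any whose public key algorithm the parser did not recognise, before Verify sees it.
func screenPeerChain(rawCerts [][]byte) ([]*x509.Certificate, error) {
	if len(rawCerts) == 0 {
		return nil, errors.New("no peer certificate presented")
	}
	certs := make([]*x509.Certificate, 0, len(rawCerts))
	for i, raw := range rawCerts {
		c, err := x509.ParseCertificate(raw)
		if err != nil {
			return nil, fmt.Errorf("peer certificate %d: %w", i, err)
		}
		if c.PublicKeyAlgorithm == x509.UnknownPublicKeyAlgorithm {
			return nil, fmt.Errorf("peer certificate %d (%s): unknown public key algorithm", i, c.Subject)
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// verifyClientChain returns a VerifyPeerCertificate callback: screen first, then build a path from the leaf through presented intermediates to roots.
func verifyClientChain(roots *x509.CertPool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		certs, err := screenPeerChain(rawCerts)
		if err != nil {
			return err
		}
		opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
		for _, c := range certs[1:] {
			opts.Intermediates.AddCert(c)
		}
		_, err = certs[0].Verify(opts)
		return err
	}
}

// hardenedServerConfig still demands a client certificate, but RequireAnyClientCert skips the built-in Verify call so the screened verification runs instead.
func hardenedServerConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: verifyClientChain(roots),
	}
}

// constructedClientCert builds a throwaway self-signed ECDSA client certificate (DER) so the example runs offline; test material, not a real CA.
func constructedClientCert() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// withUnknownKeyAlgorithm copies the DER and rewrites the SubjectPublicKeyInfo OID id-ecPublicKey (1.2.840.10045.2.1)
// to the unassigned 1.2.840.10045.2.99 (same encoded length), which ParseCertificate reports as UnknownPublicKeyAlgorithm.
func withUnknownKeyAlgorithm(der []byte) ([]byte, error) {
	oidECPublicKey := []byte{0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01}
	i := bytes.Index(der, oidECPublicKey)
	if i < 0 {
		return nil, errors.New("certificate does not carry an id-ecPublicKey SPKI")
	}
	out := append([]byte(nil), der...)
	out[i+len(oidECPublicKey)-1] = 0x63 // last arc 1 -> 99
	return out, nil
}

func main() {
	der, _ := constructedClientCert()
	root, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	cfg := hardenedServerConfig(roots)
	odd, _ := withUnknownKeyAlgorithm(der)
	fmt.Println("well-formed chain:", cfg.VerifyPeerCertificate([][]byte{der}, nil))
	fmt.Println("unknown key algorithm:", cfg.VerifyPeerCertificate([][]byte{odd}, nil))
}
```

Run with `go run`: the first line prints `<nil>` for the well-formed self-signed chain and the second prints an error naming the unknown public key algorithm, without Verify ever being reached for that certificate. The callback requests the ClientAuth extended key usage explicitly because VerifyOptions defaults to ServerAuth.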
Description
Robb Gatica
2024-03-06 01:57:37 UTC
Created golang tracking bugs for this issue:
- Affects: epel-all [bug 2268247]
- Affects: fedora-all [bug 2268246]

This issue has been addressed in the following products:
- Cryostat 2 on RHEL 8 Via RHSA-2024:2088 https://access.redhat.com/errata/RHSA-2024:2088
- Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
- Red Hat Enterprise Linux 9 Via RHSA-2024:2724 https://access.redhat.com/errata/RHSA-2024:2724
- Red Hat Enterprise Linux 8 Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
- Red Hat Enterprise Linux 8 Via RHSA-2024:3346 https://access.redhat.com/errata/RHSA-2024:3346
- Red Hat Openshift distributed tracing 3.2 Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
- Red Hat Ansible Automation Platform 2.4 for RHEL 9, Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
- OADP-1.3-RHEL-9 Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790
- NETWORK-OBSERVABILITY-1.6.0-RHEL-9 Via RHSA-2024:3868 https://access.redhat.com/errata/RHSA-2024:3868
- Openshift Serverless 1 on RHEL 8 Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
- RHOSS-1.33-RHEL-8 Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
- Service Interconnect 1 for RHEL 9 Via RHSA-2024:4034 https://access.redhat.com/errata/RHSA-2024:4034
- Service Interconnect 1.4 for RHEL 8, Service Interconnect 1.4 for RHEL 9 Via RHSA-2024:4125 https://access.redhat.com/errata/RHSA-2024:4125
- Service Interconnect 1.4 for RHEL 9 Via RHSA-2024:4126 https://access.redhat.com/errata/RHSA-2024:4126
- Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
- Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045
- RODOO-1.1-RHEL-9 Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616
- OSSO-1.3-RHEL-9 Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637
- KDO-5.0-RHEL-9 Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617
- Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520
- RHODF-4.16-RHEL-9 Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591
- Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:4893 https://access.redhat.com/errata/RHSA-2024:4893
- Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258
- Red Hat Enterprise Linux 9 Via RHSA-2024:6187 https://access.redhat.com/errata/RHSA-2024:6187
- Red Hat Enterprise Linux 9 Via RHSA-2024:6189 https://access.redhat.com/errata/RHSA-2024:6189
- Red Hat Enterprise Linux 9 Via RHSA-2024:6195 https://access.redhat.com/errata/RHSA-2024:6195
- OPENSHIFT-BUILDS-1.1-RHEL-8 Via RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221
- Red Hat Enterprise Linux 9 Via RHSA-2024:6188 https://access.redhat.com/errata/RHSA-2024:6188
- Red Hat Enterprise Linux 9 Via RHSA-2024:6186 https://access.redhat.com/errata/RHSA-2024:6186
- Red Hat Enterprise Linux 9 Via RHSA-2024:6194 https://access.redhat.com/errata/RHSA-2024:6194
- Red Hat Enterprise Linux 8 Via RHSA-2024:6969 https://access.redhat.com/errata/RHSA-2024:6969
- Red Hat OpenStack Services on OpenShift PODIFIED 1.0 Via RHSA-2024:9485 https://access.redhat.com/errata/RHSA-2024:9485
- Red Hat Ceph Storage 8.1 Via RHSA-2025:9775 https://access.redhat.com/errata/RHSA-2025:9775