Bug 2064702 (CVE-2022-27191) - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
Summary: CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-27191
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering2068514 Red Hat2071561 Red Hat2071562 Red Hat2071563 2074248 2074249 2074250 Engineering2068511 Engineering2068512 Engineering2068513 Red Hat2068515 Engineering2068516 Red Hat2073276 Red Hat2073280 Red Hat2073281 Red Hat2073282 Red Hat2073283 Red Hat2073284 Red Hat2073292 2074251 2074252 2074253 2074254 2074255 2074256 2074257 2074258 2074259 2074260 2074261 2074262 2074263 2074264 2074265 2074266 2074267 2074268 Red Hat2074272 Red Hat2074273 Red Hat2074274 Red Hat2074275 Red Hat2074276 Red Hat2074277 Red Hat2074278 Red Hat2074279 Red Hat2074280 Red Hat2074281 Red Hat2074282 Red Hat2074283 Red Hat2074284 Red Hat2074285 Red Hat2074286 Red Hat2074287 Red Hat2074288 Red Hat2074289 Red Hat2074290 Red Hat2074291 Red Hat2074292 Red Hat2074293 Red Hat2074294 Red Hat2074295 Red Hat2074296 Red Hat2074297 Red Hat2074298 Red Hat2074299 Red Hat2075237 Red Hat2075238 Red Hat2075239 Red Hat2075240 Red Hat2075241 Red Hat2075243 Red Hat2075244 Red Hat2075245 Red Hat2075246 Red Hat2075247 Red Hat2075248 Red Hat2075249 Red Hat2075250
Blocks: Embargoed2064715
TreeView+ depends on / blocked
 
Reported: 2022-03-16 11:41 UTC by TEJ RATHI
Modified: 2023-05-17 22:32 UTC (History)
92 users (show)

Fixed In Version: golang.org/x/crypto/ssh v0.0.0-20220315160706-3147a52a75
Doc Type: If docs needed, set a value
Doc Text:
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
Clone Of:
Environment:
Last Closed: 2023-01-31 15:25:32 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1476 0 None None None 2022-04-20 23:46:42 UTC
Red Hat Product Errata RHSA-2022:4956 0 None None None 2022-06-09 02:06:47 UTC
Red Hat Product Errata RHSA-2022:5068 0 None None None 2022-08-10 10:09:11 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:34:36 UTC
Red Hat Product Errata RHSA-2022:6347 0 None None None 2022-09-06 12:58:21 UTC
Red Hat Product Errata RHSA-2022:6526 0 None None None 2022-09-14 19:27:50 UTC
Red Hat Product Errata RHSA-2022:6527 0 None None None 2022-09-14 16:36:41 UTC
Red Hat Product Errata RHSA-2022:7401 0 None None None 2023-01-17 19:35:37 UTC
Red Hat Product Errata RHSA-2022:7457 0 None None None 2022-11-08 09:11:49 UTC
Red Hat Product Errata RHSA-2022:7469 0 None None None 2022-11-08 09:13:31 UTC
Red Hat Product Errata RHSA-2022:7954 0 None None None 2022-11-15 09:48:01 UTC
Red Hat Product Errata RHSA-2022:8008 0 None None None 2022-11-15 09:57:33 UTC
Red Hat Product Errata RHSA-2022:8634 0 None None None 2022-11-28 02:51:43 UTC
Red Hat Product Errata RHSA-2022:8893 0 None None None 2022-12-15 21:33:20 UTC
Red Hat Product Errata RHSA-2022:8932 0 None None None 2022-12-12 18:04:57 UTC
Red Hat Product Errata RHSA-2022:8938 0 None None None 2022-12-13 02:11:40 UTC
Red Hat Product Errata RHSA-2022:9096 0 None None None 2023-01-30 05:48:19 UTC
Red Hat Product Errata RHSA-2022:9107 0 None None None 2023-01-04 06:46:16 UTC
Red Hat Product Errata RHSA-2023:1326 0 None None None 2023-05-17 22:32:01 UTC

Description TEJ RATHI 2022-03-16 11:41:19 UTC 
A potential crash in a golang.org/x/crypto/ssh server under these conditions:

• The server has been configured by passing a Signer to ServerConfig.AddHostKey.
• The Signer passed to AddHostKey does not also implement AlgorithmSigner.
• The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.
Comment 8 Anten Skrabec 2022-04-11 21:37:19 UTC 
Created buildah tracking bugs for this issue:

Affects: fedora-all [bug 2074252]


Created caddy tracking bugs for this issue:

Affects: fedora-all [bug 2074253]


Created cri-o:1.22/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2074254]


Created cri-o:nightly/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2074255]


Created doctl tracking bugs for this issue:

Affects: fedora-all [bug 2074256]


Created golang-github-francoispqt-gojay tracking bugs for this issue:

Affects: fedora-all [bug 2074257]


Created golang-github-hashicorp-consul-api tracking bugs for this issue:

Affects: fedora-all [bug 2074258]


Created golang-github-hashicorp-consul-sdk tracking bugs for this issue:

Affects: fedora-all [bug 2074259]


Created golang-github-moby-buildkit tracking bugs for this issue:

Affects: fedora-all [bug 2074260]


Created golang-github-protonmail-crypto tracking bugs for this issue:

Affects: fedora-all [bug 2074261]


Created golang-googlecode-go-crypto tracking bugs for this issue:

Affects: epel-all [bug 2074248]


Created golang-x-crypto tracking bugs for this issue:

Affects: epel-all [bug 2074249]
Affects: fedora-all [bug 2074262]


Created gomtree tracking bugs for this issue:

Affects: fedora-all [bug 2074263]


Created mantle tracking bugs for this issue:

Affects: fedora-all [bug 2074264]


Created origin tracking bugs for this issue:

Affects: fedora-all [bug 2074265]


Created pack tracking bugs for this issue:

Affects: fedora-all [bug 2074266]


Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2074267]


Created rclone tracking bugs for this issue:

Affects: epel-all [bug 2074250]


Created restic tracking bugs for this issue:

Affects: epel-all [bug 2074251]


Created vultr tracking bugs for this issue:

Affects: fedora-all [bug 2074268]
Comment 15 errata-xmlrpc 2022-04-20 23:46:37 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476
Comment 16 Peter Hunt 2022-05-17 15:48:01 UTC 
NPD doesn't use this package, only the terminal package within crypto/ssh
Comment 17 Peter Hunt 2022-05-17 15:49:59 UTC 
as is evidenced by my referencing NPD, I closed the wrong bug, sorry for the noise
Comment 18 errata-xmlrpc 2022-06-09 02:06:41 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8

Via RHSA-2022:4956 https://access.redhat.com/errata/RHSA-2022:4956
Comment 25 errata-xmlrpc 2022-08-10 10:09:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11
  Ironic content for Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
Comment 26 errata-xmlrpc 2022-08-10 10:34:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069
Comment 27 errata-xmlrpc 2022-09-06 12:58:16 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
Comment 28 errata-xmlrpc 2022-09-14 16:36:36 UTC 
This issue has been addressed in the following products:

  RHEL-7-CNV-4.11
  RHEL-8-CNV-4.11

Via RHSA-2022:6527 https://access.redhat.com/errata/RHSA-2022:6527
Comment 29 errata-xmlrpc 2022-09-14 19:27:45 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
Comment 32 errata-xmlrpc 2022-11-08 09:11:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7457 https://access.redhat.com/errata/RHSA-2022:7457
Comment 33 errata-xmlrpc 2022-11-08 09:13:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7469 https://access.redhat.com/errata/RHSA-2022:7469
Comment 34 errata-xmlrpc 2022-11-15 09:47:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7954 https://access.redhat.com/errata/RHSA-2022:7954
Comment 35 errata-xmlrpc 2022-11-15 09:57:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8008 https://access.redhat.com/errata/RHSA-2022:8008
Comment 36 errata-xmlrpc 2022-11-28 02:51:39 UTC 
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2022:8634 https://access.redhat.com/errata/RHSA-2022:8634
Comment 38 errata-xmlrpc 2022-12-12 18:04:54 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2022:8932 https://access.redhat.com/errata/RHSA-2022:8932
Comment 39 errata-xmlrpc 2022-12-13 02:11:37 UTC 
This issue has been addressed in the following products:

  RHOSS-1.26-RHEL-8

Via RHSA-2022:8938 https://access.redhat.com/errata/RHSA-2022:8938
Comment 41 errata-xmlrpc 2022-12-15 21:33:16 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:8893 https://access.redhat.com/errata/RHSA-2022:8893
Comment 48 errata-xmlrpc 2023-01-04 06:46:13 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:9107 https://access.redhat.com/errata/RHSA-2022:9107
Comment 51 errata-xmlrpc 2023-01-17 19:35:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7401 https://access.redhat.com/errata/RHSA-2022:7401
Comment 52 errata-xmlrpc 2023-01-30 05:48:16 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:9096 https://access.redhat.com/errata/RHSA-2022:9096
Comment 53 Product Security DevOps Team 2023-01-31 15:25:26 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-27191
Comment 55 errata-xmlrpc 2023-05-17 22:31:58 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
Note You need to log in before you can comment on or make changes to this bug.