Bug 2084085 (CVE-2022-29526) - CVE-2022-29526 golang: syscall: faccessat checks wrong group
Summary: CVE-2022-29526 golang: syscall: faccessat checks wrong group
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29526
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089158 2089159 2092754 2093091 2093092 2093093 2093094 2095538 2095539 2095540 2095541 2095542 2095543 2095544 2095545 2095546 2095547 2095548 2095549 2095550 2095551 2095552 2095553 2095554 2095555 2095556 2095557 2095558 2095559 2095560 2095561 2095562 2095563 2095564 2095565 2095566 2095567 2095568 2095569 2095571 2095853 2095855 2095857 2095860 2095861 2095863 2095865 2095867 2095868 2095869 2095870 2095872 2095873 2095875 2095876 2095878 2095880 2095881 2095882 2095883 2095885 2095886 2095887 2096470 2110022 2168805
Blocks: 2084220
TreeView+ depends on / blocked
 
Reported: 2022-05-11 10:58 UTC by TEJ RATHI
Modified: 2026-03-02 08:39 UTC (History)
115 users (show)

Fixed In Version: go 1.17.10, go 1.18.2
Clone Of:
Environment:
Last Closed: 2022-09-03 12:25:51 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5201 0 None None None 2022-06-27 17:04:01 UTC
Red Hat Product Errata RHSA-2022:5337 0 None None None 2022-06-28 15:16:39 UTC
Red Hat Product Errata RHSA-2022:5392 0 None None None 2022-06-28 17:06:28 UTC
Red Hat Product Errata RHSA-2022:5699 0 None None None 2022-07-28 14:44:04 UTC
Red Hat Product Errata RHSA-2022:5840 0 None None None 2022-08-02 07:45:29 UTC
Red Hat Product Errata RHSA-2022:6156 0 None None None 2022-08-24 13:48:05 UTC
Red Hat Product Errata RHSA-2022:6277 0 None None None 2022-08-31 16:56:20 UTC
Red Hat Product Errata RHSA-2022:6714 0 None None None 2022-09-26 15:27:04 UTC
Red Hat Product Errata RHSA-2023:0408 0 None None None 2023-01-24 13:34:39 UTC
Red Hat Product Errata RHSA-2023:1529 0 None None None 2023-03-30 00:43:00 UTC
Red Hat Product Errata RHSA-2023:3642 0 None None None 2023-06-15 16:00:07 UTC

Description TEJ RATHI 2022-05-11 10:58:07 UTC 
We have just released Go versions 1.18.2 and 1.17.10, minor point releases.
These minor releases include one security fix following the security policy:

When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

References:
https://go.dev/issue/52313
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU

Commits:
Master : https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c
Branch.go1.17 : https://github.com/golang/go/commit/04781d14d2d33acbaf70f77e3a58ae0f3c90757c
Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff
Comment 3 Anten Skrabec 2022-06-02 21:59:44 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2093091]
Affects: fedora-all [bug 2093092]
Comment 8 errata-xmlrpc 2022-06-27 17:03:57 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:5201 https://access.redhat.com/errata/RHSA-2022:5201
Comment 9 errata-xmlrpc 2022-06-28 15:16:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5337 https://access.redhat.com/errata/RHSA-2022:5337
Comment 10 errata-xmlrpc 2022-06-28 17:06:23 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7

Via RHSA-2022:5392 https://access.redhat.com/errata/RHSA-2022:5392
Comment 12 errata-xmlrpc 2022-07-28 14:44:01 UTC 
This issue has been addressed in the following products:

  OSSO-1.0-RHEL-8

Via RHSA-2022:5699 https://access.redhat.com/errata/RHSA-2022:5699
Comment 13 errata-xmlrpc 2022-08-02 07:45:24 UTC 
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2022:5840 https://access.redhat.com/errata/RHSA-2022:5840
Comment 16 errata-xmlrpc 2022-08-24 13:48:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
Comment 17 errata-xmlrpc 2022-08-31 16:56:16 UTC 
This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277
Comment 18 Product Security DevOps Team 2022-09-03 12:25:46 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29526
Comment 19 errata-xmlrpc 2022-09-26 15:26:59 UTC 
This issue has been addressed in the following products:

  RHACS-3.72-RHEL-8

Via RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
Comment 20 errata-xmlrpc 2023-01-24 13:34:36 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
Comment 22 errata-xmlrpc 2023-03-30 00:42:57 UTC 
This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
Comment 23 errata-xmlrpc 2023-06-15 16:00:01 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
Note You need to log in before you can comment on or make changes to this bug.